Présentation Evolutions CAS Version 3



Similar documents
Implementing CAS. Adam Rybicki Jasig Conference, San Diego, CA March 7, 2010

Introduction ToIP/Asterisk Quelques applications Trixbox/FOP Autres distributions Conclusion. Asterisk et la ToIP. Projet tuteuré

CENTRAL AUTHENTICATION SERVICE (CAS) SSO FOR EMC DOCUMENTUM REST SERVICES

Stockage distribué sous Linux

Implementing CAS. Adam Rybicki Jasig Conference, Dallas, TX March 1, 2009

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Pierce County IT Department GIS Division Xuejin Ruan Dan King

«Object-Oriented Multi-Methods in Cecil» Craig Chambers (Cours IFT6310, H08)

Introduction. GEAL Bibliothèque Java pour écrire des algorithmes évolutionnaires. Objectifs. Simplicité Evolution et coévolution Parallélisme

CASifier une application

Approaches and challenges for a SSO enabled extranet using Jasig CAS. Florian Holzschuher René Peinl

TP : Configuration de routeurs CISCO

Reconstruction d un modèle géométrique à partir d un maillage 3D issu d un scanner surfacique

Authentication Methods

Future Entreprise. Jean-Dominique Meunier NEM Executive Director Nov. 23, 2009 FIA Stockholm

WildFly in Oracle okolje

Sun Management Center Change Manager Release Notes

Spring Security SAML module

State of Maryland Health Insurance Exchange

A (re)introduction to Spring Security

TIBCO Spotfire Platform IT Brief

Introduction au BIM. ESEB Seyssinet-Pariset Economie de la construction contact@eseb.fr

site et appel d'offres

Open-source Single Sign-On with CAS (Central Authentication Service)

EPREUVE D EXPRESSION ORALE. SAVOIR et SAVOIR-FAIRE

ESMA REGISTERS OJ/26/06/2012-PROC/2012/004. Questions/ Answers

Shibboleth Identity Provider (IdP) Sebastian Rieger

LinShare project version 0.8 File sharing and vault application

Portal In Anger. Ray Ploski Team Lead - Solutions Architecture, JBoss by Red Hat June 22, 2010

SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS

From centralized to single sign on

Sun TM SNMP Management Agent Release Notes, Version 1.6

Archived Content. Contenu archivé

High Availability CAS

Unlocking the Secrets of Alfresco Authentication. Mehdi BELMEKKI,! Consultancy Team! Alfresco!

Archived Content. Contenu archivé

Administrer les solutions Citrix XenApp et XenDesktop 7.6 CXD-203

Interfaces de programmation pour les composants de la solution LiveCycle ES (juillet 2008)

LLP ES-LEONARDO-LMP.

Stéphane LOIGEROT CARMEN s project manager BRGM/DSI/ISTN/SDI INSPIRE Compliant Data and Services on the Cloud

Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System

Monitoring Open Source pour Java avec JmxTrans, Graphite et Nagios

RAPPORT FINANCIER ANNUEL PORTANT SUR LES COMPTES 2014

Integrating Multi-Factor Authentication into Your Campus Identity Management System

System Requirements Orion

Cours de Java. Sciences-U Lyon. Java - Introduction Java - Fondamentaux Java Avancé.

Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS)

enterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards

Durée 4 jours. Pré-requis

Configuration Guide. SafeNet Authentication Service. SAS Agent for AD FS

NUNAVUT HOUSING CORPORATION - BOARD MEMBER RECRUITMENT

Vincent Rullier Technology specialist Microsoft Suisse Romande

Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific

Sun Grid Engine Release Notes

STUDENT APPLICATION FORM (Dossier d Inscription) ACADEMIC YEAR (Année Scolaire )

CLUSTERING CAS for High Availability. Eric Pierce, University of South Florida

Memo bconsole. Memo bconsole

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen

Security As A Service Leveraged by Apache Projects. Oliver Wulff, Talend

Access Management Analysis of some available solutions

Brazil + JDBC Juin 2001, douin@cnam.fr

Sun SNMP Management Agent Release Notes, Version 1.5.5

Sun Management Center 3.6 Version 5 Add-On Software Release Notes

ANIMATION OF CONTINUOUS COMPUTER SIMULATIONS C.M. Woodside and Richard Mallet Computer Center, Carleton University ABSTRACT

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Setting up a monitoring and remote control tool

Travaux publics et Services gouvernementaux Canada. Title - Sujet MANAGED WEB SERVICES. Solicitation No. - N de l'invitation G /B

OCC1 546 STRATEGIES IN OCCUPATIONAL THERAPY PROFESSIONAL PRACTICE


TABLECLOTHS TEMPLATES

Unrealized Gains in Stocks from the Viewpoint of Investment Risk Management

Langages Orientés Objet Java

Thursday, February 7, DOM via PHP

CrownPeak Java Web Hosting. Version 0.20

Audit de sécurité avec Backtrack 5

SAML Authentication Quick Start Guide

Sun Management Center 3.5 Update 1b Release Notes

Archived Content. Contenu archivé

Travaux publics et Services gouvernementaux Canada. Title - Sujet HRSDC FUNCTIONAL SUPPORT. Solicitation No. - N de l'invitation G /A

Authentication and access control in Sympa mailing list software

Archived Content. Contenu archivé

Formation à l ED STIC ED STIC Doctoral education. Hanna Klaudel

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

PostGIS Integration Tips

Tool & Asset Manager 2.0. User's guide 2015

HPC Portal Development Platform with E-Business and HPC Portlets

POB-JAVA Documentation

Start Here. Installation and Documentation Reference. Sun StorEdgeTM 6120 Array

Nicholas S. Williams. wrox. A Wiley Brand

MONTÉSINOS 2015 NOTICE OF RACE 1. RULES

Authentication and access control in Sympa mailing list server

Transcription:

Esup Days 5 Présentation Evolutions CAS Version 3 5 février 2008

Sommaire Nouveautés Technologie Modules authentification Personnalisation graphique Sécurité Redondance Global Logout Divers Package

Technologie Tout SPRING Plus souple Plus facilement extensible Plus compliqué aussi

Modules authentification Indépendance et chaînage (comme Generic Handler) Quelques modules LDAP JDBC OpenId Spnego (Windows + kerberos) Fichier Google apps (SAML 2.0) Possibilité d écrire son module

Exemple LDAP <bean id="ldaphandler«class="org.jasig.cas.adaptors.ldap.fastbindldapauthenticationhandler«lazy-init="true"> <property name="filter" value="${ldap.basedn}" /> <property name="contextsource"> <bean class="org.jasig.cas.adaptors.ldap.util.authenticatedldapcontextsource"> <property name="pooled" value="true"/> <property name="anonymousreadonly" value="true" /> <property name="urls"> <list> <value>${ldap.host.1}</value> <value>${ldap.host.2}</value> </list> </property> </bean> </property> </bean>

Personnalisation graphique Séparation fond/forme Fichier de langue CSS (accessibilité) Mécanisme gérant des vues et des thèmes Possibilité d avoir plusieurs thèmes (ou vue)

Sécurité Possibilité de limiter les services

Redondance Ticket persistant (failover) JBOSS JDBC BerkleyDB Réplication de session Tomcat (cluster)

Global Logout Utilisation SAML Client compatible CAS Redirection Application Session Ticket Validation ticket Session Formulaire Saisie Accès Autorisé

Global Logout <samlp:logoutrequest ID="[RANDOM ID]" Version="2.0" IssueInstant="[CURRENT DATE/TIME]"> <saml:nameid>@not_used@</saml:nameid> <samlp:sessionindex>[session IDENTIFIER]</samlp:SessionIndex> </samlp:logoutrequest> Session CAS SAML Logout SAML Logout Application Session ENT Logout Session

Divers Retourner des attributs Retourner un autre identifiant que celui saisi JMX et statistiques

Retourner des attributs <bean id="attributerepository" class="org.jasig.services.persondir.support.ldap.ldappersonattributedao"> <property name="basedn" value="${ldap.people.basedn}" /> <property name="query" value="${ldap.people.filter}" /> <property name="contextsource"> <ref bean="ldapsource" /> </property> <property name="ldapattributestoportalattributes"> <map> <entry key="mail" value="mail" /> <entry key="displayname" value="displayname" /> <entry key="supannaliaslogin" value="supannaliaslogin" /> </map> </property> </bean>

Retourner des attributs Dans la JSP de validation de Ticket <c:foreach var="auth" items="${assertion.chainedauthentications}"> <c:foreach var="attr" items="${auth.principal.attributes}" > <cas:attribute name="${fn:escapexml(attr.key)}" value="${fn:escapexml(attr.value)}"/> </c:foreach> </c:foreach> <cas:serviceresponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationsuccess> <cas:user>jmarchal</cas:user> <cas:attribute name="mail" value="julien.marchal@univ-nancy2.fr"/> <cas:attribute name="displayname" value="julien MARCHAL"/> <cas:attribute name="supannaliaslogin" value="julien.marchal"/> </cas:authenticationsuccess> </cas:serviceresponse>

Autre identifiant que celui saisi <bean class="org.jasig.cas.authentication.principal.credentialstoldapattributeprincipal Resolver"> <property name="credentialstoprincipalresolver"> <bean class="org.jasig.cas.authentication.principal.usernamepasswordcredentialstoprin cipalresolver" /> </property> <property name="filter" value="(uid=%u)" /> <property name="principalattributename" value="supannaliaslogin" /> <property name="searchbase" value="${ldap.people.basedn}" /> <property name="contextsource"> <ref bean="ldapsource" /> </property> <property name="attributerepository"> <ref bean="attributerepository" /> </property> </bean>...

Autre identifiant que celui saisi <cas:serviceresponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationsuccess> <cas:user>julien.marchal</cas:user> <cas:attribute name="mail" value="julien.marchal@univ-nancy2.fr"/> <cas:attribute name="displayname" value="julien MARCHAL"/> <cas:attribute name="supannaliaslogin" value="julien.marchal"/> </cas:authenticationsuccess> </cas:serviceresponse>

JMX numberofproxytickets numberofservicetickets numberofticketgrantingtickets numberofproxygrantingtickets serviceticketspersecond ticketgrantingticketspersecond proxygrantingticketspersecond

Vue d ensemble PROTOCOLES CAS OpenId SAML A écrire AUTHENTIFICATIONS JAAS JDBC LDAP RADIUS File SPNEGO X.509 Google A écrire RESOLVEUR DE VUES (JSP) VUE 1 VUE 2 VUE 3 RESOLVEUR DE THEMES (CSS) THEME 1 THEME 2 THEME 3 ADMINSITRATEUR Gestion des services JMX Clustering

Package CAS Refonte complète du package Utilisation de maven Cofiguration allégée Fichier de configuration esup pré mâché Authentification LDAP Authentification Fichier Quickstart disponible