CAS (Central Authentication Service)
Overview
CAS is a system which provides SSO, mainly for web applications. It consists of two components: the CAS server and the CAS client. The CAS server authenticates users against a user database and provides this information to the clients. The CAS client is inserted in front of a web application to make sure that only authenticated users have access. The client is available for many platforms, such as PHP and Perl.
The following picture shows how SSO with CAS works:
[Figure: SSO with CAS, steps (1) to (8)]
Client Configuration
Building a simple web application using a CAS client consisting of a servlet filter:
Deployment Descriptor:
JSP Page:
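```jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%-- The CAS filter stores the authenticated user name in this session
     attribute; c:out escapes the value before it is written to the page. --%>
<html>
  <body>
    Hi <c:out value="${sessionScope['edu.yale.its.tp.cas.client.filter.user']}"/>!
  </body>
</html>
```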
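The ticket handling that a CAS client performs in front of the application, as an added Python example that is not part of the original page or of the CAS client's own code. It uses the standard CAS 2.0 `/login` and `/serviceValidate` endpoints; the server base URL is taken from the host name and HTTPS port in the Server Configuration table, while the application URL, the user name and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://madagaskar/cas"  # host and HTTPS port 443 from this page
CAS_URI = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 responses
CAS_NS = {"cas": CAS_URI}


def login_redirect(service_url):
    """URL the client sends an unauthenticated browser to."""
    return CAS_BASE + "/login?" + urlencode({"service": service_url})


def validate_url(service_url, ticket):
    """Back-channel URL the client calls to check a service ticket."""
    query = urlencode({"service": service_url, "ticket": ticket})
    return CAS_BASE + "/serviceValidate?" + query


def parse_validation(xml_text):
    """Return the user name from a serviceValidate response, or None.

    Fails closed: only a well-formed serviceResponse with exactly one
    non-empty user and no failure element counts as authenticated.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None  # CAS responses carry no DTD; refuse entity tricks
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        return None
    if root.find("cas:authenticationFailure", CAS_NS) is not None:
        return None
    users = root.findall("cas:authenticationSuccess/cas:user", CAS_NS)
    if len(users) != 1 or not (users[0].text or "").strip():
        return None
    return users[0].text.strip()


# Constructed sample responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>hnelson</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect("https://app.example.org/hello.jsp"))
    print(parse_validation(SUCCESS), parse_validation(FAILURE))
```

The `service` value sent to `/serviceValidate` must be the same URL that was sent to `/login`, because the server issues each ticket for one service.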
Server Configuration
| Tomcat | |
|---|---|
| Hostname | madagaskar |
| HTTP Port | 80 |
| HTTPS Port | 443 |
| LDAP-Server | |
| Hostname | zanzibar |
| Port | 10389 |
| Search Base | o=sevenSeas |
| Attribute with user name | uid |
| Anonymous Bind | allowed |
Configuration of the connection to the ApacheDS Server (<tomcat_home>/webapps/cas/WEB-INF/deployerConfigContext.xml):