CAS - How to Implement Single Sign-On in Your Service?
@mstepniowski
SINGLE SIGN-ON
Platforma Redakcyjna
redakcja.wolnelektury.pl
Wolne Lektury
wolnelektury.pl
Wolne Podręczniki
wiki.wolnepodreczniki.pl
Blog
nowoczesnapolska.org.pl
Directory
CAS
Jasig
redirect
check token
yes marek
no
FEATURES
- all passwords are stored in one place
logins can happen without user interaction
to implement
GATEWAY AUTH
redirect
redirect (with token)
Note: We don't show the login form, even if the user is not logged in
check token
yes marek
no
JAVASCRIPT AUTH
SINGLE SIGN-OFF
Sign off
But... It doesn't scale!
Second cookie required to perform API calls is short lived and needs to be refreshed using the first cookie
Signing off from Facebook deletes both cookies
CAS 2.0
Oh hai, XML!
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>marek</cas:user>
    <cas:proxyGrantingTicket>
      PGTIOU-84678-8a9d...
    </cas:proxyGrantingTicket>
    <fullName>Marek Stępniowski</fullName>
    <isAdmin>yes</isAdmin>
  </cas:authenticationSuccess>
</cas:serviceResponse>
CAS 3.0
STUCK IN A LIMBO
Adds attribute exchange (most clients implement it as an extension of 2.0)
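One way a client could consume the CAS 2.0 validation responses shown above, as an added example that is not part of the original slides or of the client libraries they list. It accepts a login only for a namespaced authenticationSuccess that carries a user, rejects everything else, and collects the remaining child elements as attributes; the names parse_service_response and CasValidationError are hypothetical.

```python
import xml.etree.ElementTree as ET

# Hypothetical helper names; not taken from django-cas-consumer or Pycas.
CAS = "{http://www.yale.edu/tp/cas}"  # namespace used in the responses above


class CasValidationError(Exception):
    """The response does not prove that the ticket belongs to a logged-in user."""


def parse_service_response(xml_text):
    """Return (user, attributes) for a success response; raise otherwise (fail closed)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed XML: %s" % exc)
    if root.tag != CAS + "serviceResponse":
        raise CasValidationError("unexpected root element %r" % root.tag)
    failure = root.find(CAS + "authenticationFailure")
    if failure is not None:  # checked first, so a mixed response is rejected
        detail = " ".join((failure.text or "").split())
        raise CasValidationError("%s: %s" % (failure.get("code"), detail))
    success = root.find(CAS + "authenticationSuccess")
    if success is None:
        raise CasValidationError("no authenticationSuccess element")
    user = (success.findtext(CAS + "user") or "").strip()
    if not user:
        raise CasValidationError("success response without a user")
    # Other children are attributes, except the protocol's own proxy elements.
    attributes = {}
    for child in success:
        name = child.tag.rsplit("}", 1)[-1]  # drop "{namespace}" if present
        if name not in ("user", "proxyGrantingTicket", "proxies"):
            attributes[name] = (child.text or "").strip()
    return user, attributes


# Constructed samples modelled on the two responses shown above.
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>marek</cas:user>
    <isAdmin>yes</isAdmin>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""
```

Attributes such as isAdmin are only as trustworthy as the channel the response arrived on, so the validation request should go to the CAS server over HTTPS with certificate verification enabled.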
Django
https://github.com/zuber/django-cas-provider
https://github.com/zuber/django-cas-consumer
Python
https://wiki.jasig.org/display/CASC/Pycas
Ruby
OpenID: ________
OpenID: stepniowski.com
stepniowski.com
redirect
check token
yes|no
FEATURES
sign-on but not single sign-in
to implement - delegation requires an HTML parser
openid.sreg
openid.ax
2.0
Django
https://github.com/omab/django-social-auth
Python
https://github.com/openid/python-openid
Ruby
https://github.com/openid/ruby-openid
+many more
COMPARISON
CAS
Centralized Single Easy
OpenID
Decentralized Only Hard
to implement
Attribute Single
sign-off authentication
sign-off extensions
Gateway
Browser
ASK FOR IT
And I will create a separate presentation
MAREK STĘPNIOWSKI
@mstepniowski
WE'RE HIRING!
http://www.setjam.com/jobs/
DJANGOPIWO
Warsaw SetJam HQ Wednesday August 24th @mstepniowski @marcink ^marcinkaszynski