SlideShare uma empresa Scribd logo

CAS Enhancement

Transferir como PPT, PDF
Guo Albert
Guo Albert
TecnologiaEducação
1 de 42
Albert Guo [email_address]
[object Object],[object Object],[object Object],[object Object],[object Object]
 
 
web browser app. #1 app. #2 app. #3 without SSO service web browser app. #1 app. #2 app. #3 with SSO service
[object Object],[object Object],[object Object],[object Object]
 
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
 
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User need NOT to provide id/password again ( with SSO cookie exist )
Service 1 Resource 1. Initial request login 2. Authentication 3. Access resource Service 2 login Resource 2. Authentication again 1. Initial request 3. Access resource Multiple user database Multiple login PW PW
Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User does NOT need to provide id/password again ( with SSO cookie exist )
Service CAS Login state ? ID and Password Correct? Validation url Initial request Redirect to CAS (send serviceId ) Y N N Login again Id and password Ticket transfer (Send ticket and set SSO cookie ) Ticket Validation Use resource N Save login state Y Y Ticket validation
 
 
 
[object Object],[object Object]
[object Object]
Just provide same user name and password, then you can pass the validation
 
 
 
 
 
 
Modify this return page
[object Object],[object Object],[object Object],[object Object],[object Object]
 
 
 
 
[object Object],[object Object],[object Object]
In org.jasig.cas.web package
 

Recomendados

SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)Artur Barseghyan
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesAndrew Petro
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing onguest648519
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethAndrew Petro
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-Onelliando dias
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Kenneth Peeples
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 

Recomendados

SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)Artur Barseghyan
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesAndrew Petro
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing onguest648519
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethAndrew Petro
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-Onelliando dias
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Kenneth Peeples
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ONShambhavi Sahay
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application DevelopersWSO2
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLinkpigorcraveiro
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The BasicsIshan A B Ambanwela
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on systemSwati Sinha
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLinkJBUG London
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Saml in cloud
Saml in cloudSaml in cloud
Saml in cloudNagraj Rao
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuthDan Brinkmann
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceAmin Saqi
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
SSO introduction
SSO introductionSSO introduction
SSO introductionAidy Tificate
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Single sign on
Single sign onSingle sign on
Single sign onguest64ab8e
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetShivanand Arur
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universitybpowell29a
 

Mais conteúdo relacionado

Mais procurados

Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application DevelopersWSO2
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLinkpigorcraveiro
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on systemSwati Sinha
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLinkJBUG London
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceAmin Saqi
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetShivanand Arur
 

Mais procurados (20)

SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ON
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLink
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
 
Saml in cloud
Saml in cloudSaml in cloud
Saml in cloud
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and Performance
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
SSO introduction
SSO introductionSSO introduction
SSO introduction
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 
Single sign on
Single sign onSingle sign on
Single sign on
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
 

Destaque

WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universitybpowell29a
 
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2
 
"Esup CAS Packaging" : Deploy and customize easily a CAS4 server
"Esup CAS Packaging" : Deploy and customize easily a CAS4 server"Esup CAS Packaging" : Deploy and customize easily a CAS4 server
"Esup CAS Packaging" : Deploy and customize easily a CAS4 serverLudovic A
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 

Destaque (6)

WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland university
 
Sso walk-through
Sso walk-throughSso walk-through
Sso walk-through
 
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
 
"Esup CAS Packaging" : Deploy and customize easily a CAS4 server
"Esup CAS Packaging" : Deploy and customize easily a CAS4 server"Esup CAS Packaging" : Deploy and customize easily a CAS4 server
"Esup CAS Packaging" : Deploy and customize easily a CAS4 server
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSO
 

Semelhante a CAS Enhancement

Building Trust Between Modern Distributed Systems with SPIFFE
Building Trust Between Modern Distributed Systems with SPIFFEBuilding Trust Between Modern Distributed Systems with SPIFFE
Building Trust Between Modern Distributed Systems with SPIFFEQAware GmbH
 
Building trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeBuilding trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeajessup
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Building a chat app with windows azure mobile
Building a chat app with windows azure mobileBuilding a chat app with windows azure mobile
Building a chat app with windows azure mobileFlavius-Radu Demian
 
Mixing Identity server, AAD, ASP .NET Identity
Mixing Identity server, AAD, ASP .NET IdentityMixing Identity server, AAD, ASP .NET Identity
Mixing Identity server, AAD, ASP .NET IdentityAndrea Tosato
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxFernandoVizer
 
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...BizTalk360
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocationguestd5dde6
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 
Azure AD - Password attacks - logging and protections
Azure AD - Password attacks - logging and protectionsAzure AD - Password attacks - logging and protections
Azure AD - Password attacks - logging and protectionsAndres Canello
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakCharles Moulliard
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFEPrabath Siriwardena
 
Trends in Banking APIs
Trends in Banking APIsTrends in Banking APIs
Trends in Banking APIsTatsuo Kudo
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomQConLondon2008
 

Semelhante a CAS Enhancement (20)

Building Trust Between Modern Distributed Systems with SPIFFE
Building Trust Between Modern Distributed Systems with SPIFFEBuilding Trust Between Modern Distributed Systems with SPIFFE
Building Trust Between Modern Distributed Systems with SPIFFE
 
Building trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffeBuilding trust between modern distributed systems with spiffe
Building trust between modern distributed systems with spiffe
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSO
 
Building a chat app with windows azure mobile
Building a chat app with windows azure mobileBuilding a chat app with windows azure mobile
Building a chat app with windows azure mobile
 
Mixing Identity server, AAD, ASP .NET Identity
Mixing Identity server, AAD, ASP .NET IdentityMixing Identity server, AAD, ASP .NET Identity
Mixing Identity server, AAD, ASP .NET Identity
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
Bh Win 03 Rileybollefer
Bh Win 03 RileybolleferBh Win 03 Rileybollefer
Bh Win 03 Rileybollefer
 
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...
Use Windows Azure Service Bus, BizTalk Services, Mobile Services, and BizTalk...
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocation
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 
Azure AD - Password attacks - logging and protections
Azure AD - Password attacks - logging and protectionsAzure AD - Password attacks - logging and protections
Azure AD - Password attacks - logging and protections
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 
Trends in Banking APIs
Trends in Banking APIsTrends in Banking APIs
Trends in Banking APIs
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
 

Mais de Guo Albert

AWS IAM (Identity and Access Management) Policy Simulator
AWS IAM (Identity and Access Management) Policy SimulatorAWS IAM (Identity and Access Management) Policy Simulator
AWS IAM (Identity and Access Management) Policy SimulatorGuo Albert
 
TOEIC 準備心得
TOEIC 準備心得TOEIC 準備心得
TOEIC 準備心得Guo Albert
 
DBM專案環境建置
DBM專案環境建置DBM專案環境建置
DBM專案環境建置Guo Albert
 
JPA Optimistic Locking With @Version
JPA Optimistic Locking With @VersionJPA Optimistic Locking With @Version
JPA Optimistic Locking With @VersionGuo Albert
 
OCEJPA Study Notes
OCEJPA Study NotesOCEJPA Study Notes
OCEJPA Study NotesGuo Albert
 
OCEJPA(1Z0-898) Preparation Tips
OCEJPA(1Z0-898) Preparation TipsOCEJPA(1Z0-898) Preparation Tips
OCEJPA(1Z0-898) Preparation TipsGuo Albert
 
JPA lifecycle events practice
JPA lifecycle events practiceJPA lifecycle events practice
JPA lifecycle events practiceGuo Albert
 
XDate - a modern java-script date library
XDate - a modern java-script date libraryXDate - a modern java-script date library
XDate - a modern java-script date libraryGuo Albert
 
How to avoid check style errors
How to avoid check style errorsHow to avoid check style errors
How to avoid check style errorsGuo Albert
 
NIG系統報表開發指南
NIG系統報表開發指南NIG系統報表開發指南
NIG系統報表開發指南Guo Albert
 
Ease Your Effort of Putting Data into History Table
Ease Your Effort of Putting Data into History TableEase Your Effort of Putting Data into History Table
Ease Your Effort of Putting Data into History TableGuo Albert
 
NIG 系統開發指引
NIG 系統開發指引NIG 系統開發指引
NIG 系統開發指引Guo Albert
 
NIG系統開發文件閱讀步驟
NIG系統開發文件閱讀步驟NIG系統開發文件閱讀步驟
NIG系統開發文件閱讀步驟Guo Albert
 
Form Bean Creation Process for NIG System
Form Bean Creation Process for NIG SystemForm Bean Creation Process for NIG System
Form Bean Creation Process for NIG SystemGuo Albert
 
A Short Intorduction to JasperReports
A Short Intorduction to JasperReportsA Short Intorduction to JasperReports
A Short Intorduction to JasperReportsGuo Albert
 
Apply Template Method Pattern in Report Implementation
Apply Template Method Pattern in Report ImplementationApply Template Method Pattern in Report Implementation
Apply Template Method Pattern in Report ImplementationGuo Albert
 
Utilize Commons BeansUtils to do copy object
Utilize Commons BeansUtils to do copy objectUtilize Commons BeansUtils to do copy object
Utilize Commons BeansUtils to do copy objectGuo Albert
 
Apply my eclipse to do entity class generation
Apply my eclipse to do entity class generationApply my eclipse to do entity class generation
Apply my eclipse to do entity class generationGuo Albert
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorialGuo Albert
 
Spring JDBCTemplate
Spring JDBCTemplateSpring JDBCTemplate
Spring JDBCTemplateGuo Albert
 

Mais de Guo Albert (20)

AWS IAM (Identity and Access Management) Policy Simulator
AWS IAM (Identity and Access Management) Policy SimulatorAWS IAM (Identity and Access Management) Policy Simulator
AWS IAM (Identity and Access Management) Policy Simulator
 
TOEIC 準備心得
TOEIC 準備心得TOEIC 準備心得
TOEIC 準備心得
 
DBM專案環境建置
DBM專案環境建置DBM專案環境建置
DBM專案環境建置
 
JPA Optimistic Locking With @Version
JPA Optimistic Locking With @VersionJPA Optimistic Locking With @Version
JPA Optimistic Locking With @Version
 
OCEJPA Study Notes
OCEJPA Study NotesOCEJPA Study Notes
OCEJPA Study Notes
 
OCEJPA(1Z0-898) Preparation Tips
OCEJPA(1Z0-898) Preparation TipsOCEJPA(1Z0-898) Preparation Tips
OCEJPA(1Z0-898) Preparation Tips
 
JPA lifecycle events practice
JPA lifecycle events practiceJPA lifecycle events practice
JPA lifecycle events practice
 
XDate - a modern java-script date library
XDate - a modern java-script date libraryXDate - a modern java-script date library
XDate - a modern java-script date library
 
How to avoid check style errors
How to avoid check style errorsHow to avoid check style errors
How to avoid check style errors
 
NIG系統報表開發指南
NIG系統報表開發指南NIG系統報表開發指南
NIG系統報表開發指南
 
Ease Your Effort of Putting Data into History Table
Ease Your Effort of Putting Data into History TableEase Your Effort of Putting Data into History Table
Ease Your Effort of Putting Data into History Table
 
NIG 系統開發指引
NIG 系統開發指引NIG 系統開發指引
NIG 系統開發指引
 
NIG系統開發文件閱讀步驟
NIG系統開發文件閱讀步驟NIG系統開發文件閱讀步驟
NIG系統開發文件閱讀步驟
 
Form Bean Creation Process for NIG System
Form Bean Creation Process for NIG SystemForm Bean Creation Process for NIG System
Form Bean Creation Process for NIG System
 
A Short Intorduction to JasperReports
A Short Intorduction to JasperReportsA Short Intorduction to JasperReports
A Short Intorduction to JasperReports
 
Apply Template Method Pattern in Report Implementation
Apply Template Method Pattern in Report ImplementationApply Template Method Pattern in Report Implementation
Apply Template Method Pattern in Report Implementation
 
Utilize Commons BeansUtils to do copy object
Utilize Commons BeansUtils to do copy objectUtilize Commons BeansUtils to do copy object
Utilize Commons BeansUtils to do copy object
 
Apply my eclipse to do entity class generation
Apply my eclipse to do entity class generationApply my eclipse to do entity class generation
Apply my eclipse to do entity class generation
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorial
 
Spring JDBCTemplate
Spring JDBCTemplateSpring JDBCTemplate
Spring JDBCTemplate
 

Último

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Último (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

CAS Enhancement

  • 2.
  • 3.  
  • 4.  
  • 5. web browser app. #1 app. #2 app. #3 without SSO service web browser app. #1 app. #2 app. #3 with SSO service
  • 6.
  • 7.  
  • 8.
  • 9.
  • 10.  
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
  • 17. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User need NOT to provide id/password again ( with SSO cookie exist )
  • 18. Service 1 Resource 1. Initial request login 2. Authentication 3. Access resource Service 2 login Resource 2. Authentication again 1. Initial request 3. Access resource Multiple user database Multiple login PW PW
  • 19. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
  • 20. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User does NOT need to provide id/password again ( with SSO cookie exist )
  • 21. Service CAS Login state ? ID and Password Correct? Validation url Initial request Redirect to CAS (send serviceId ) Y N N Login again Id and password Ticket transfer (Send ticket and set SSO cookie ) Ticket Validation Use resource N Save login state Y Y Ticket validation
  • 22.  
  • 23.  
  • 24.  
  • 25.
  • 26.
  • 27. Just provide same user name and password, then you can pass the validation
  • 28.  
  • 29.  
  • 30.  
  • 31.  
  • 32.  
  • 33.  
  • 35.
  • 36.  
  • 37.  
  • 38.  
  • 39.  
  • 40.
  • 42.