integration of n tiers application
play

Integration of N-tiers application Using CAS Single Sign On system - PowerPoint PPT Presentation

Feb 11, 2023 •316 likes •911 views

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

  1. Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be

  2. Integration of N-tiers application http://associatie.kuleuven.be/ velpi@groupt.be 2

  3. Integration of N-tiers application Integration of N-tiers application Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond... velpi@groupt.be 3

  4. Integration of N-tiers application Introducing CAS: the project Originally developed by Yale University JA-SIG project since December 2004 http://www.ja-sig.org/products/cas/ velpi@groupt.be 4

  5. Integration of N-tiers application Introducing CAS: the technology • Originally open-source WebISO • Loosely based on Kerberos *model* • Server: Java & Spring framework Client: lots of implementations + libs available (with source) velpi@groupt.be 5

  6. Integration of N-tiers application Introducing CAS: the protocol XML http://www.ja-sig.org/products/cas/overview/protocol/index.html velpi@groupt.be 6

  7. Integration of N-tiers application Introducing CAS: N-tiers Proxy CAS http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough velpi@groupt.be 7

  8. Integration of N-tiers application Proxy CAS: the problem space • Passwords are passing all “clients” • Credentials have to be cached • Caching has to be done in plain text velpi@groupt.be 8

  9. Integration of N-tiers application Proxy CAS: a solution • One-time “passwords” • Passwords are replaced by “tickets” • One-time=request new for next authN velpi@groupt.be 9

  10. Integration of N-tiers application Integration of N-tiers application Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond... velpi@groupt.be 10

  11. login scenario Integration of N-tiers application • BROWSER: cookies enabled BROWSER velpi@groupt.be 11

  12. login scenario Integration of N-tiers application CAS SERVER • CAS: a trusted arbiter of authenticity BROWSER velpi@groupt.be 12

  13. login scenario Integration of N-tiers application CAS SERVER Performance enhancement • Service: webapp that authenticates users via CAS IMAP PROXY • Proxy: service that wants to access other services on behalf of a particular user Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 13

  14. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS • Target (back-end service): service that accepts proxied credentials from at least one particular proxy IMAP PROXY Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 14

  15. Integration of N-tiers application login scenario: the players • CAS: a trusted arbiter of authenticity CAS • Service: webapp that authenticates users via CAS Horde • Proxy: service that wants to access other services on behalf of a particular user IMP • Target (back-end service): service that accepts proxied credentials from at least one particular proxy IMAP velpi@groupt.be 15

  16. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 16

  17. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER phpCAS CLIENT velpi@groupt.be 17

  18. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY (+TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 18

  19. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 19

  20. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) (SET TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 20

  21. Integration of N-tiers application login scenario: Credentials OR TicketGrantingCookie (TGC) response Redirect to: http://webmail.mydomain.org/?ticket=TICKET eg TICKET=ST-38815-m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20 velpi@groupt.be 21

  22. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) (SET TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 22

  23. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 23

  24. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 24

  25. Integration of N-tiers application login scenario: ServiceTicket (ST) validation 1/2 CAS server requests : http://webmail.mydomain.org/casProxy.php ?pgtIou= PGTIOU &pgtId= PGT eg PGT=TGT-38815-m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20 velpi@groupt.be 25

  26. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 26

  27. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 27

  28. Integration of N-tiers application login scenario: ServiceTicket (ST) validation 2/2 <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user> NetID </cas:user> <cas:proxyGrantingTicket> PGTIOU </cas:proxyGrantingTicket> </cas:authenticationSuccess> </cas:serviceResponse> velpi@groupt.be 28

  29. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 29

  30. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY S2 PGT (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 30

  31. Integration of N-tiers application login scenario: ProxyGrantingTicket (PGT) response <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:proxySuccess> <cas:proxyTicket> PT </cas:proxyTicket> </cas:proxySuccess> </cas:serviceResponse> velpi@groupt.be 31

  32. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY S2 PGT (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 32

  33. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 33

  34. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 34

  35. login scenario Integration of N-tiers application =? PAM NETID S1(proxy[]) IMAP with CAS SERVER SERVER PT S2 PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 35

  36. Integration of N-tiers application login scenario: ProxyTicket (PT) validation <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user> NetID </cas:user> <cas:proxyGrantingTicket> PGTIOU </cas:proxyGrantingTicket> <cas:proxies> <cas:proxy> proxy1 </cas:proxy> <cas:proxy> proxy2 </cas:proxy> ... </cas:proxies> </cas:authenticationSuccess> </cas:serviceResponse> velpi@groupt.be 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du

Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du

EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 8may2008 Integration of N-tiers application

792 views • 36 slides
CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

1 Architecture and Modelling of Information Systems (D0I71A) Prof. dr. Monique Snoeck CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if you already have software ? Software manages its own

346 views • 17 slides
Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @ ACM/IFIP/USENIX Middleware 2017 Daniel Ritter Application Integration - De-coupling apps - Solving n-square connection and variety problems (for textual

490 views • 24 slides
Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Overarching Goals Develop a prototype Data Basin application for the IABIN

477 views • 14 slides
Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice for generic Enterprise Application Performance Factors Best Practice for 3-tiers Enterprise Application Hardware Load Balancer Basic Unix Tuning

336 views • 9 slides
Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k $15,000 Grant Application Complete all 4 sections: 1. Describe the risk control goods and/or service 2. What is the total cost 3. How will

329 views • 12 slides
INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language

INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language

GRUNDTVIG LLP MIGRANT WOMEN : INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language Learning The EURO-IDEA Associa/on in partnership with the

200 views • 18 slides
Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services

Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services

Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services University of Malaga Advanced EuroCAMP Budapest November 18 th 2009 Start Hurdles A path Steps Bumps ???? An ideal Enterprise Application

1.03k views • 76 slides
Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce

Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce

01/06/2016 Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce January 7, 2016 Commerces Role with the Tier System Calculate Tiers annually Field questions from public &amp; community

254 views • 9 slides
Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1

Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1

Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1 SUMMARY OF TIERS &amp; SUMMARY OF TIERS &amp; MAPPING REQUIREMENTS MAPPING REQUIREMENTS T om Devilbiss Deputy Director, Carroll County Dept. of

511 views • 13 slides
Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the

Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the

Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Goals for Day 2 presentation Dispel myths Cost There

81 views • 6 slides
FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA

FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA

FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA 1. CREATIVE ECOSYSTEM 2. CLUSTER COOPERATION 3. BUSINESS MODEL 4. TIERS OF SUPPORT - 6 PILLARS 5. CREATIVE BRATISLAVA CREATIVE ECOSYSTEM Not

490 views • 20 slides
MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*,

MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*,

MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*, Greco S., Boggia A.* * Department of Economics and Appraisal, University of Perugia. Borgo XX Giugno 74, 06121 Perugia, Italy. Faculty of

730 views • 41 slides
CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup RECOMMENDATIONS TO THE TASK FORCE July 18, 2014 Each Behavioral Health Organization should provide rapid access to the following billable services along a

790 views • 9 slides
INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

Semafor Informatik &amp; Energie Architecture and Features Application Example: Vehicle Engineering Engineering Database Configuration Examples INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

559 views • 19 slides
Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash

Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash

Applications of Industrial Waste(s) Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash Silica Fumes Rubber tiers Glass (Aggregates) Dredged material Need for Characterization (of

1.15k views • 30 slides
Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar,

Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar,

Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar, Bhuvan Urgaonkar and Anand Sivasubramaniam Computer Systems Lab The Pennsylvania State University 1 Agenda Relook at Locality Another

485 views • 32 slides
Next-Generation Secure Public-Key Infrastructures Pawe Szaachowski Network Security Group,

Next-Generation Secure Public-Key Infrastructures Pawe Szaachowski Network Security Group,

Next-Generation Secure Public-Key Infrastructures Pawe Szaachowski Network Security Group, ETH Zrich Public Key Infrastructure (PKI) Scalability issues with symmetric crypto Distribution Challenges in managing n secrets

757 views • 39 slides
A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen 1 , Anders P.

A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen 1 , Anders P.

Background From HCSP to Simulink Case Study Correctness Justification Concluding Remarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen

552 views • 43 slides
Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic

Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic

Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic Computation Group David R. Cheriton School of Computer Science University of Waterloo Canada 20160801 1 / 16 Correct Benchmarking of CAS

313 views • 20 slides
NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON

NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON

NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON PROFESSOR OF LAW DIRECTOR, CENTER FOR INSURANCE LAW AND REGULATION SANTA CLARA UNIVERSITY WHATS IN A NAME ? Autonomous, automated, or

782 views • 24 slides
CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides

CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides

CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides based on the Problem Solving and Comprehension book Goals: I ncrease the students power to analyze problems Learn to recognize and

1.41k views • 20 slides
Extending the GVW Algorithm to Local Ring Fanghui Xiao Key Laboratory of Mathematics

Extending the GVW Algorithm to Local Ring Fanghui Xiao Key Laboratory of Mathematics

Extending the GVW Algorithm to Local Ring Fanghui Xiao Key Laboratory of Mathematics Mechanization, Academy of Mathematics and Systems Science, CAS Joint work with Dong Lu, Dingkang Wang and Jie Zhou July 16-19, 2018, City University of New

571 views • 39 slides
Algebraic structures as typed objects Heinz Kredel, University of Mannheim Raphael Jolly,

Algebraic structures as typed objects Heinz Kredel, University of Mannheim Raphael Jolly,

Algebraic structures as typed objects Heinz Kredel, University of Mannheim Raphael Jolly, Databeans CASC 2011, Kassel Overview Introduction Algebraic structures as typed objects Ring elements and ring factories, algorithms and factories

592 views • 38 slides

More recommend