single sign on and authorization
play

Single Sign On and Authorization Infrastructure using CAS 2 Shoji - PowerPoint PPT Presentation

Aug 15, 2023 •129 likes •303 views

Single Sign On and Authorization Infrastructure using CAS 2 Shoji KAJITA (Information Technology Center, Nagoya University) and Hisashi NAITO (Graduate School of Mathematics, Nagoya University) Jan. 22 2006, APAN 21st Conference p. 1/16

  1. Single Sign On and Authorization Infrastructure using CAS 2 Shoji KAJITA (Information Technology Center, Nagoya University) and Hisashi NAITO (Graduate School of Mathematics, Nagoya University) Jan. 22 2006, APAN 21st Conference – p. 1/16

  2. Plan of Talk Short introduction for CAS and CAS 2 Authentication mechanism of CAS and Authorization mechanism of CAS 2 “Nagoya University Portal” using CAS 2 Summary Jan. 22 2006, APAN 21st Conference – p. 2/16

  3. What is CAS & CAS2 CAS Single Sign On Environment for Web Applications Open Source software depeloped by Yale University CAS 2 We extends to Authorization Environment for Web Applications CAS 2 controls Access Rights for each Web Application WHO WHEN from WHERE Jan. 22 2006, APAN 21st Conference – p. 3/16

  4. Usual Authentication and Authorization Web Application must includes AuthN & AuthZ codes Web Browser Web Application directly accesses to USER DB to obtain User Informations 1 Web Application has a password to access to USER DB Web Application 2 USER DB Jan. 22 2006, APAN 21st Conference – p. 4/16

  5. Mechanism CAS and CAS2 USER DB Web Application CAS Server Web Browser Jan. 22 2006, APAN 21st Conference – p. 5/16

  6. Mechanism CAS and CAS2 USER DB Web Application CAS Server Login Window Web Browser Jan. 22 2006, APAN 21st Conference – p. 6/16

  7. Mechanism CAS and CAS2 USER DB Service Authorization Authentication Web Application CAS Server Login Window Web Browser Jan. 22 2006, APAN 21st Conference – p. 7/16

  8. Mechanism CAS and CAS2 USER DB AA Results Web Application CAS Server Web Browser TGC ST Jan. 22 2006, APAN 21st Conference – p. 8/16

  9. Mechanism CAS and CAS2 USER DB ST AA results Web Application CAS Server Web Browser TGC Jan. 22 2006, APAN 21st Conference – p. 9/16

  10. Mechanism CAS and CAS2 USER DB Authorization Web Application CAS Server ST Web Browser TGC Jan. 22 2006, APAN 21st Conference – p. 10/16

  11. Mechanism CAS and CAS2 USER DB AA Authorization Result Web Application CAS Server Web Browser TGC Jan. 22 2006, APAN 21st Conference – p. 11/16

  12. Mechanism CAS and CAS2 Ticket Granting Cookie (TGC) If Browser has TGC, Browser is Authenticated Service Ticket (ST) One Time Ticket for accessing to Web Application Including Authorization Information If ST is valid, the access is Authorized Jan. 22 2006, APAN 21st Conference – p. 12/16

  13. Authorization Mechanisum of CAS2 Data Base for Authorization (CAS-ACL) CAS-ACL is Access Permission Lists of FOR WHICH Web Application (target URL) WHO (User Information) WHEN (Access Time) FROM WHERE (Client Information) ST has an information that the access matches which entry of CAS-ACL Jan. 22 2006, APAN 21st Conference – p. 13/16

  14. Example of CAS-ACL dn: cn=entry1,ou=gakumu,ou=cas,o=nagoyaUniv cas-allow: (&(uid=naito)(date>=20051010) (date<=20051110)(IP=133.6.130.0/24)) cas-service: https://app.*\.mynu\.jp/.+ cas-attributes: uid,mailAddress,IdNo,FullName,dn When URL matches to https://app.*\.mynu\.jp/.+ uid is naito Access time is between 2005/10/10 and 2005/11/10 Client IP: 133.6.130.0/24 then the access is granted. CAS Server send User information uid,mailAddress,IdNo,FullName,dn to the Web Application Jan. 22 2006, APAN 21st Conference – p. 14/16

  15. CAS2 in Nagoya University Web Applications using CAS 2 in Nagoya University Nagoya University Portal Course Registration System 10000 Students and 2000 Faculties Researcher Database 2000 Faculties Web CT · · · These Applications are Single Sign On Access Controled by CAS 2 Jan. 22 2006, APAN 21st Conference – p. 15/16

  16. Summary CAS 2 is easy to use: Easy to construct Single Sign On Environment Easy to construct Unified Authorization Environment Easy to modify Application to use CAS: Only modify to use CAS client module for Authentication and Autorization ONLY SSL for encryption CAS 2 is secure: Web Application does not handle Authentication Information Web Application does not directly access to USER DB Jan. 22 2006, APAN 21st Conference – p. 16/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms Pavel Slav ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008 Content Single sign-on introduction (SSO) Introduction to

959 views • 24 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga Artiaga Ernest CERN - - OpenLab OpenLab Security Workshop Security Workshop April 2004 April 2004 CERN Outline Outline Motivation and

352 views • 23 slides
Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org + GitHub + LinkedIn = DANGUR Enterprise level user account costs Administration Setup Retire Support Password resets

669 views • 24 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication in

917 views • 34 slides
Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community Marc van Dijk , Andrea Giachetti, Marco Verlato, Antonio Rosato, Alexandre Bonvin EGI Technical Forum 2012 zondag 16 september 12

413 views • 13 slides
Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final

Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final

Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final states in in pp pp collisions at at = 13 13 TeV with the ATLAS detector MOHAMMED FARAJ UNIVERSITA DI UDINE/INFN TRIESTE -GRUPPO COLLEGATO

601 views • 23 slides
Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old approach in multiple systems SSO Security Benefits Common SSO based configurations Examples of SSO usage Conclusion 15/12/11

379 views • 16 slides
70 th Avenue East Bridge Relocation Project ILA Action requested Request authorization for the

70 th Avenue East Bridge Relocation Project ILA Action requested Request authorization for the

Item No.: 5A Date of Meeting: December 20, 2018 70 th Avenue East Bridge Relocation Project ILA Action requested Request authorization for the Chief Executive Officer to sign an interlocal agreement (ILA) with the Washington State Department

328 views • 16 slides
Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com

Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com

Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com BlackHat USA, Las Vegas 2007 How do you manage your 169 Web 2.0 accounts today? Does your SSO consist of A login (e.g. johndoe) + 2

599 views • 46 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health

of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health

Clinical Impact and Value of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health San Antonio, Texas The Challenge: Providers using EHRs must maintain the security of protected health information and

588 views • 26 slides
What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and

What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and

What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and students. - One place to log in and access websites and resources 2 Lets Log In! 1. Use the classlink desktop icon pushed to your HCDE

668 views • 10 slides
The role of directories in Single Sign on Systems Victoriano Giralt Central Computing Facility

The role of directories in Single Sign on Systems Victoriano Giralt Central Computing Facility

The Dark Ages The Enlightenment The Industrial Revolution The XXI century Summary The role of directories in Single Sign on Systems Victoriano Giralt Central Computing Facility University of Malaga TERENA EuroCAMP Ljubljana April 3rd

1.39k views • 105 slides
PRIME PRime-focus Infrared Microlensing Experiment Daisuke Suzuki (ISAS/JAXA) Takahiro Sumi (PI,

PRIME PRime-focus Infrared Microlensing Experiment Daisuke Suzuki (ISAS/JAXA) Takahiro Sumi (PI,

( ) PRIME PRime-focus Infrared Microlensing Experiment Daisuke Suzuki (ISAS/JAXA) Takahiro Sumi (PI, Osaka U), D. Bennett, A. Kutyrev, R.K. Barry (NASA/GSFC), I. Bond

576 views • 21 slides
Financial Results Briefing for the First Half of the Fiscal Year Ending March 31, 2020 - Summary

Financial Results Briefing for the First Half of the Fiscal Year Ending March 31, 2020 - Summary

Financial Results Briefing for the First Half of the Fiscal Year Ending March 31, 2020 - Summary of Questions and Answers - Date and Friday, November 1, 2019 10:30 a.m. - 11:30 a.m. Time Presenter TOKAI Holdings Corporation President &amp;

391 views • 3 slides
Real Estate Market in Japan Ryuhei MORI Head of Global Marketing, Xymax Corporation Japan

Real Estate Market in Japan Ryuhei MORI Head of Global Marketing, Xymax Corporation Japan

Real Estate Market in Japan Ryuhei MORI Head of Global Marketing, Xymax Corporation Japan Investment Briefing 13 November 2012 | London Real Estate Market in Japan 2 Real Estate Market in Japan Past and Now Opportunity Unique Features

240 views • 21 slides
CHE Alaska call Wednesday, February 4 th , 2015 9:00 am Alaska Time (10:00 am Pacific; 1:00 pm

CHE Alaska call Wednesday, February 4 th , 2015 9:00 am Alaska Time (10:00 am Pacific; 1:00 pm

1 CHE Alaska call Wednesday, February 4 th , 2015 9:00 am Alaska Time (10:00 am Pacific; 1:00 pm Eastern) Dr. Philippe Grandjean on Chemical Brain Drain : on Chemical Brain Drain : Only One Chance - How Contaminants in our Environment Impair

284 views • 14 slides
1000 VISIONARY SME PROGRAMME No 1 Make In India No 2 Make In India Prof Shiba has been

1000 VISIONARY SME PROGRAMME No 1 Make In India No 2 Make In India Prof Shiba has been

1000 VISIONARY SME PROGRAMME No 1 Make In India No 2 Make In India Prof Shiba has been a Champion of Societal Manufacturing in India through CIIs VLFM/CSM Project; societal manufacturing was one of the key aspects when we formulated

304 views • 19 slides
Urbanism v retailing? David Rudlin I felt like a slight impostor when asked to talk about

Urbanism v retailing? David Rudlin I felt like a slight impostor when asked to talk about

Urbanism v retailing? David Rudlin I felt like a slight impostor when asked to talk about retailing. Im an urbanist not a retail planner and the latter is a specialist field as any retail developer will tell you. Us urbanists simply dont

850 views • 72 slides
Azrieli Group Ltd. Investor presentation Financial Statements 30.09.2010 November 24 th , 2010

Azrieli Group Ltd. Investor presentation Financial Statements 30.09.2010 November 24 th , 2010

Azrieli Group Ltd. Investor presentation Financial Statements 30.09.2010 November 24 th , 2010 CONVENIENCE TRANSLATION FROM HEBREW - Important Notice Set forth below, for your convenience, is a convenience translation into English of the

347 views • 24 slides
Full-year results 2014 Schiphol 5 February 2015 Highlights 2014 Transformational year: becoming

Full-year results 2014 Schiphol 5 February 2015 Highlights 2014 Transformational year: becoming

Full-year results 2014 Schiphol 5 February 2015 Highlights 2014 Transformational year: becoming the leading specialist in mid-sized shopping centres Operational excellence Adding to track record; all targets met or exceeded Portfolio:

816 views • 58 slides

More recommend