CAS
Introduction:
CAS is a service that provides central authentication. With it we can authenticate users who belong to many applications. We deploy CAS in an application server and use that CAS server for authentication in all our applications. CAS is the best solution for Single Sign On and Single Sign Out.
If we have multiple web applications, we need not implement authentication in each one; instead we use CAS to authenticate users, and a user may belong to any of the applications.
To do so we need to create multiple data sources for CAS so that it can authenticate against the configured data sources.
We can configure different kinds of data sources for CAS, such as JDBC data sources, which connect to relational databases, and LDAP data sources, which connect to LDAP servers. Apart from LDAP and JDBC, CAS can support many more.
We already know that CAS is a service, and a service needs clients to consume it. CAS therefore provides different types of clients to support cross-platform applications.
How does CAS work?
CAS is a ticket-based service: it works by issuing tickets and validating them.
Initially, when a user sends his/her credentials to CAS for authentication, CAS provides a TGT (Ticket Granting Ticket) once the user is found in the data source, that is, after successful authentication by CAS.
Once we have the TGT, we pass the TGT and the service URL to CAS. CAS then issues a service ticket and redirects to the URL we provided as the service URL; the service ticket is stored in cookies.
When we are redirected to the service URL (the client application), the client obtains the service ticket and sends it, together with the client application URL, to CAS for validation on behalf of the application URL.
If the validation is successful, CAS returns the user principal (username/password) and the client application then creates a session for the user.
In the application we use a CAS client library to obtain service tickets and to validate them on behalf of the client application URL (the service URL).
Note:
The service URL is simply the URL of the current client application for which we are using the CAS service.
Generally we call the CAS login URL with the username, the password and the service URL to get a service ticket.
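The validation step described above, sketched as an added example (not code from the original post or from Liferay's CAS client, which does this work for you). It assumes the CAS 2.0 `/serviceValidate` endpoint; the host names and the two XML responses are constructed samples.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def validation_url(cas_base, service_url, ticket):
    """Build the back-channel URL the client application calls to validate a ticket.

    service_url must be the same URL the service ticket was requested for.
    """
    if not cas_base.startswith("https://"):
        raise ValueError("CAS must be reached over HTTPS")
    query = urlencode({"service": service_url, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query


def parse_validation(xml_text):
    """Return the authenticated username, or raise PermissionError with the CAS error code."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED"
        raise PermissionError(code)
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not user:
        # Never create a session for an empty principal.
        raise PermissionError("NO_USER")
    return user


if __name__ == "__main__":
    # Hypothetical hosts and ticket value, for illustration only.
    print(validation_url("https://cas.example.org/cas",
                         "https://portal.example.org/c/portal/login",
                         "ST-1-constructed"))
    print(parse_validation(SAMPLE_SUCCESS))
```

The client application should create its session only from the value `parse_validation` returns, never from a username supplied by the browser.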
How does Liferay support CAS?
Liferay already has a built-in CAS client, so to enable CAS in Liferay we only need to pass it the CAS service information. Once the CAS server is ready, this is just administrative configuration in Liferay.
What is SSO?
SSO means Single Sign On: if we have multiple applications, we need not provide user credentials in each one. Instead we authenticate the user with CAS and use CAS tickets to log in to the other applications, so the user doesn't need to enter credentials for each application login.
Note:
To implement CAS SSO we need to use the HTTPS protocol, because SSO needs a secure protocol. HTTPS uses the Secure Sockets Layer (SSL) mechanism to send data from server to client.
How does SSL work?
To enable SSL on a server we need to create SSL certificates and add those certificates to the server's JRE environment. Generally all certificates are available in the jre\lib\security directory. An SSL certificate has public and private keys along with an encryption algorithm such as RSA or SHA.
In a real environment we need to purchase SSL certificates from vendors, who issue them to us.
For our development environment we create self-signed SSL certificates using the Java keytool or other tools such as OpenSSL.
How does HTTPS work?
When we use the HTTPS protocol, data transferred from server to client is encrypted using the SSL certificate, with the help of the public key, the private key and the encryption algorithm.
When the CAS server and the client application reside on two different machines, or on two different servers that use different JREs, we need to share the same certificate with both servers' JREs. Otherwise we will get encryption/decryption problems, i.e. an SSL handshake problem (PKIX exception).
When data goes from one server to the other, the same public key, private key and algorithm are required to encrypt or decrypt it; that is why we need to share the same SSL certificate with both server environments.
Now we have enough information about CAS to use it in Liferay. We already know that CAS is a service and Liferay is a client that uses it; Liferay already has CAS client support.
The following are the required steps to integrate CAS in Liferay.
- Create a CAS server with JDBC support
- Create an SSL certificate using the Java keytool
- Add the SSL certificate to the server JRE
- Configure the CAS server information in Liferay
Author: Meera Prince