CAS Single Sign On naito@math.nagoya-u.ac.jp, Aug. 19, 2005 NII p. 1/32
Plan of Talk CAS CAS 2 CAS Single Sign On CAS CAS 2 CAS
CAS & CAS 2 CAS Yale Open Source software Authentication JA-SIG Official Project Authorization (CAS 2 ) Single Sign On
CAS 2 https://mynu.jp/ http://tomcat.math.nagoya-u.ac.jp/test/ Single Sign On.
CAS (CAS 2 ) Server (including CAS client) (over Tomcat) Directory Server (example ) Ticket Granting Cookie () Service Ticket (ST)
CAS (CAS 2 ) Login &ST ST ST One Time Ticket ST Authentication, ST Authorization ST Validation Application Timeout Session Timeout Logout
CAS (1: Login (1)) 1. Access to https://afqdn/a.html
CAS (1: Login (2)) Login Window 2. Redirect to https://cas/login&service=https://afqdn/a.html
CAS (1: Login (3)) Service Authorization Authentication Login Window 3. Input UserID & Password with service https://afqdn/a.html
CAS (1: Login (4)) AA Results ST 4. Send Ticket Granting Cookie to Browser
CAS (1: Login (5)) ST AA results 5. Redirect to https://afqdn/a.html&ticket=st-xxx
CAS (1: Login (6)) Authorization ST 6. Verify Service Ticket
CAS (1: Login (7)) AA Authorization Result 7. Receive verify result from CAS server
CAS (1: Login (8)) 8. Receive Data from Application Server
CAS ( ) Login JavaScript/HTTP redirection visible Login Window
CAS (2: Verify Ticket) Login ST Authorization Service Class count down timer ST Timeout Login redirection Authorization ST
CAS (2: Verify Ticket (0)) ST
CAS (2: Verify Ticket (1)) ST 1. Access to https://afqdn/a.html&ticket=st-xxxxx
CAS (2: Verify Ticket (2)) Service Authorization ST 2. Verify ticket=st-xxxxx with service=https://afqdn/a.html
CAS (2: Verify Ticket (3)) Authorization Authorization results 3. Get authorization results and user information
CAS (2: Verify Ticket (4)) 4. Reply from
Verify Ticket Verify Ticket CAS client CAS client (Original CAS) Ticket Validation ID CAS client (CAS 2 ) Ticket Validation Application CAS client
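The service-ticket properties named on the slides above (a one-time ticket, verified together with the service URL, subject to an ST timeout), shown as an added example that is not code from the talk or from CAS itself. The class ToyCasServer, the 10-second lifetime, the user alice and the second service URL are assumptions made for illustration.

```python
import secrets
import time


class ToyCasServer:
    """In-memory model of service-ticket (ST) handling; a sketch, not real CAS code."""

    def __init__(self, st_lifetime=10.0, clock=time.monotonic):
        self.st_lifetime = st_lifetime   # assumed ST timeout, in seconds
        self.clock = clock               # injectable so the timeout can be tested
        self._tickets = {}               # ST -> (user, service, issued_at)

    def issue_st(self, user, service):
        """Login steps 4-5: mint an ST bound to the service the browser asked for."""
        st = "st-" + secrets.token_urlsafe(24)   # unguessable, like st-xxx on the slides
        self._tickets[st] = (user, service, self.clock())
        return st

    def validate(self, st, service):
        """Login steps 6-7: the application presents the ST and its own service URL."""
        # pop() enforces one-time use: any second presentation finds nothing.
        record = self._tickets.pop(st, None)
        if record is None:
            return (False, "unknown or already used ticket")
        user, bound_service, issued_at = record
        if self.clock() - issued_at > self.st_lifetime:
            return (False, "ticket expired")
        if bound_service != service:
            return (False, "ticket issued for a different service")
        return (True, user)


def demo():
    """Run four cases on constructed inputs and return their results."""
    now = [0.0]                                   # fake clock, advanced by hand
    cas = ToyCasServer(st_lifetime=10.0, clock=lambda: now[0])
    app = "https://afqdn/a.html"                  # service URL used on the slides
    other = "https://other.example/b"             # constructed second service

    st = cas.issue_st("alice", app)
    first = cas.validate(st, app)                 # normal flow
    replay = cas.validate(st, app)                # same ST presented again
    wrong = cas.validate(cas.issue_st("alice", app), other)
    late_st = cas.issue_st("alice", app)
    now[0] += 11.0                                # move past the ST timeout
    late = cas.validate(late_st, app)
    return first, replay, wrong, late
```

A ticket is consumed even when validation fails, so a rejected ST cannot be retried against the correct service afterwards.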
CAS (3: Access to another Application) Ticket Granting Ticket Service Ticket Service Ticket Timeout Service Class Ticket Granting Cookie Service Ticket
CAS (3: Access to another Application (0)) no ST, ST is expired, or ST belongs to a different ACCESS CLASS
CAS (3: Access to another Application (1)) 1. Access to https://afqdn/a.html
CAS (3: Access to another Application (2)) 4. Redirect to https://cas/login&service=https://afqdn/a.html
CAS (3: Access to another Application (3)) ST Service Authorization Authorization results 5. Redirect to https://afqdn/a.html&ticket=st-xxx
CAS (3: Access to another Application (4)) Authorization ST 6. Verify Service Ticket
CAS (3: Access to another Application (5)) Authorization Authorization Result 7. Receive verify result from CAS server
CAS (3: Access to another Application (6)) 8. Receive Data from Application Server
CAS Single Sign On CAS client module 4000 / Sun Fire V480 (1.0GHz UltraSPARC III Cu x 2) 4.0GB Memory Solaris 8
Federated CAS CAS Version 3