Jakob,

I'll attempt to answer some of your questions :-)

Central Authentication Server versions 1.x and 2.x were originally Yale
produced open source products.  In 2004 Yale and Rutgers started
collaborating on CAS 3.x under the JASIG banner.  CAS 3.x is the currently
developed version.  While the three different versions can all speak the
same protocol (CAS 1 and CAS 2), CAS 3 includes some significant
enhancements over the previous iterations:

* Support for Services Management
* Google Accounts support
* OpenID Support
* SAML 1.1 support
* Flexible Architecture & Well-defined extension points
* Huge collection of pluggable authentication handlers
* Pluggable login flow for processing various credentials

CAS is merely an authentication service and thus applications need to handle
their own authorization.  Out of the box, CAS does support applications
deployed across multiple domains without issue.  Both CAS 2 & 3 support CAS
logout, which means killing the CAS SSO session.  CAS 3 has started to
include support for CAS notifying other applications that the session has
ended.  However, support for that is not widespread yet.

Finally, CAS 2 does not support application registration.  CAS 3 has that as
an optional feature (you can use it if you want, otherwise it operates
without it).

Hope that helps.
-Scott
-- 
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Dec 13, 2007 9:12 AM, Jakob Külzer <[EMAIL PROTECTED]> wrote:

> Hello list,
> we are currently working on an article about JA-SIG CAS for the
> German JavaMagazine and I got most of the article up and standing,
> but there are some questions left open so far.  I hope this is the
> correct list to ask such questions -- if not, please excuse me for
> being so bold and be so kind and forward it to the correct list.
> Thank you!
>
> But back to topic, my first question is about the history and status
> of the CAS project.  I'm quite confused about CAS version 2 (and as
> we focus on version 2 in the article, I'm keen on getting this
> right).  If I read the web site and parts of the mailing list
> correctly, the Yale distribution of CAS and the JA-SIG distribution
> are roughly the same. Is this correct?  If not, what is the difference?
>
> CAS is an authentication service and therefore does not offer any
> authorization functionality; so the philosophy for performing
> authorization is to create a custom component that does authorization
> based on the username provided by the CAS authentication?
>
> What about Cross Domain SSO? This should not be a problem as no
> cookies are involved but all ST's and PT's are transmitted via GET-
> requests. Do you know of cases where a CAS based CDSSO has
> successfully been introduced?
>
> My next question is about the logout functionality.  CAS version 2
> supports logout, but can only enforce deletion of the TGC and
> destruction of the session of the application requesting the logout
> while all other authenticated sessions remain intact.  So may I
> conclude there is no "global logout" for CAS 2 (at least vanilla CAS)?
>
> My final question: Is it correct that basically every service may
> participate in a CAS based SSO network without any ... well ...
> registration? I found a page in the depths of the wiki concerning this
> (http://www.ja-sig.org/wiki/display/CAS2/Registered+services%2C+Global
> +logoff%2C+Service-specific+includes) but it's not part of vanilla
> CAS 2?
>
> Please correct me if I got anything wrong, I'd hate to write some
> wrong facts about your great project. :)
>
> Thank you very much in advance for all answers.
>
> Regards,
> ---------  BEGIN SIGNATURE ----------
> Jakob Külzer
> OPTIMAbit GmbH,  Amtsgericht Muenchen HRB 154057, Geschaeftsfuehrer
> Dr. Bruce Sams
> Weidenweg 2   85375 Neufahrn   GERMANY
> mail: [EMAIL PROTECTED]
> tel: +49 (0) 8165 65095
> web: www.optimabit.com
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
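
The division of labour discussed in this thread (CAS authenticates, the application authorizes), as an added example that is not from the thread or from the CAS project: the application takes the username out of a CAS 2.0 ticket-validation response and then makes its own role decision, denying by default. The sample XML, the `APP_ROLES` table and both function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"
CAS_NS = {"cas": CAS_URI}

# Constructed CAS 2.0 validation responses (sample data, not captured traffic).
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Hypothetical application-side role store; CAS knows nothing about it.
APP_ROLES = {"jdoe": {"reader"}, "asmith": {"reader", "admin"}}


def authenticated_user(validation_xml):
    """Return the username CAS vouches for, or None on any failure."""
    try:
        root = ET.fromstring(validation_xml)
    except ET.ParseError:
        return None  # malformed response: treat as not authenticated
    if root.tag != "{%s}serviceResponse" % CAS_URI:
        return None  # not a CAS 2.0 response at all
    if root.find("cas:authenticationFailure", CAS_NS) is not None:
        return None  # CAS rejected the ticket
    user = root.findtext("cas:authenticationSuccess/cas:user", namespaces=CAS_NS)
    user = (user or "").strip()
    return user or None


def authorize(validation_xml, required_role):
    """Authentication comes from CAS; the role decision is the application's own."""
    user = authenticated_user(validation_xml)
    if user is None:
        return False  # not authenticated: deny
    # A user CAS accepts but the application does not know gets no roles.
    return required_role in APP_ROLES.get(user, set())


if __name__ == "__main__":
    print(authorize(SUCCESS, "reader"), authorize(SUCCESS, "admin"))
```
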