Uploaded by dahlia-garner (4 slides)

Understanding Single Sign-On (SSO) Security with CAS for Enhanced User Authentication

DESCRIPTION

Single Sign-On (SSO) is a mechanism that lets users authenticate once to gain access to multiple systems without re-entering passwords, which reduces human error. At Qaforum, we implement CAS (Central Authentication Service) from the Jasig project to provide SSO, building on open-source technology. Our SSO workflow incorporates several security measures: HTTPS for the login process, RSA encryption of the submitted credentials, and MD5-hashed passwords for database users. SSO supports three user types and keeps cookie contents to a minimum, preserving user privacy while streamlining access.


Presentation Transcript


  1. Qaforum Security Structure

  2. What's SSO
  • Single sign-on (SSO) is a mechanism whereby a single act of user authentication and authorization permits a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error.
  • Qaforum adopts CAS (Central Authentication Service) from the Jasig project as its SSO. It is an open source project at http://www.jasig.org/cas/

  3. SSO workflow
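The CAS exchange behind this slide, written out as an added example (it is not part of the original presentation and not Qaforum's code): the application redirects the browser to CAS /login, CAS sends it back with a service ticket, and the application validates that ticket server-side via /serviceValidate and parses the CAS 2.0 XML reply. The hostnames, the ticket values and the two XML responses are constructed for the example; only the URL paths, the `service`/`ticket` parameters and the XML namespace are fixed by the CAS protocol.

```python
"""Walk-through of the CAS 2.0 browser/service exchange (added example, not Qaforum's code)."""
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Namespace fixed by the CAS protocol specification.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Assumed hostnames for the example; any CAS deployment would use its own.
CAS_BASE = "https://cas.example.test/cas"
SERVICE = "https://app.example.test/callback"


def build_login_url(cas_base: str, service: str) -> str:
    """Step 1: an unauthenticated browser is redirected to CAS /login (over HTTPS)."""
    return f"{cas_base}/login?{urlencode({'service': service})}"


def extract_service_ticket(redirect_url: str) -> Optional[str]:
    """Step 2: after login CAS redirects back to `service` with ?ticket=ST-...
    Only service tickets (ST-) belong in a URL; a TGT is the Remember Me cookie
    value and must never appear here, so anything else is rejected."""
    qs = parse_qs(urlsplit(redirect_url).query)
    ticket = qs.get("ticket", [None])[0]
    if ticket is None or not ticket.startswith("ST-"):
        return None
    return ticket


def build_validate_url(cas_base: str, service: str, ticket: str) -> str:
    """Step 3: the application asks CAS (server to server, over HTTPS) to validate the
    ticket. `service` must be byte-for-byte the value sent in step 1 or CAS rejects it."""
    return f"{cas_base}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"


def parse_validation_response(xml_text: str) -> dict:
    """Step 4: interpret the CAS 2.0 XML reply. Returns {'ok': True, 'user': ...} on
    success, {'ok': False, 'code': ..., 'message': ...} otherwise. Anything that is
    neither a well-formed success nor a failure element is treated as a failure."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        if user:
            return {"ok": True, "user": user}
        return {"ok": False, "code": "MALFORMED", "message": "success without cas:user"}
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"ok": False, "code": failure.get("code", "UNKNOWN"),
                "message": (failure.text or "").strip()}
    return {"ok": False, "code": "MALFORMED", "message": "no success or failure element"}


# Constructed sample replies in the shape the CAS 2.0 protocol defines.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket 'ST-1-example' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def demo_flow() -> dict:
    """Run the four steps against the constructed replies and return the final verdict."""
    login_url = build_login_url(CAS_BASE, SERVICE)
    # The browser authenticates at login_url; CAS then redirects it back with a ticket.
    redirected = f"{SERVICE}?ticket=ST-1-example"
    ticket = extract_service_ticket(redirected)
    if ticket is None:
        return {"ok": False, "code": "NO_TICKET", "message": "no service ticket in redirect"}
    validate_url = build_validate_url(CAS_BASE, SERVICE, ticket)
    # An HTTPS GET to validate_url would return XML like SAMPLE_SUCCESS; parse that.
    verdict = parse_validation_response(SAMPLE_SUCCESS)
    verdict["login_url"] = login_url
    verdict["validate_url"] = validate_url
    return verdict


if __name__ == "__main__":
    print(demo_flow())
    print(parse_validation_response(SAMPLE_FAILURE))
```

The validation request in step 3 must go from the application server directly to CAS, not through the browser, and the HTTPS certificate of the CAS server must be verified on that connection; otherwise an attacker who can answer the validation request can assert any username.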

  4. Security measures
  • HTTPS is used for the login process.
  • Before the form is submitted, the browser encrypts the username/password with the RSA algorithm. This is an extra layer, not a substitute for HTTPS: without TLS an attacker on the path can replace the login page or the public key, and a captured ciphertext can be replayed unless the server ties it to a one-time nonce.
  • There are 3 types of users: users in the database, users in silvercompldap, and users in ciscoad. For database users the password is stored as an MD5 hash (MD5 is a hash function, not encryption; an unsalted MD5 digest gives little protection against offline cracking if the database is leaked). For the other two types the password is not kept in the database; the LDAP/AD directory is queried directly.
  • The cookie holds no user information. If the user chooses the Remember Me feature, a single cookie is kept in the browser containing the ticket-granting ticket, an opaque identifier built from a counter, a random string and the CAS server's hostname, e.g. TGT-114-gqP60KOfeGkxJuK4VAvkEpDviqFGX6lsPWZn7pAXUPKXYZXT2q-qaforum.webex.com. Because that cookie is the user's session for every CAS-protected service, it should be marked Secure and HttpOnly.
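The "users in db" case above stores an MD5 digest of the password. The following added example (not Qaforum's code) shows that scheme, a short dictionary attack that illustrates why an unsalted MD5 digest is weak, and an upgrade path to salted PBKDF2-HMAC-SHA256 that re-hashes each database user on their next successful login. The user record layout, the `scheme`/`hash` field names, the iteration count and the sample password and wordlist are all assumptions made for the example.

```python
"""MD5 credential storage versus salted PBKDF2, with login-time migration (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware improves.
PBKDF2_ITERATIONS = 600_000


def md5_hex(password: str) -> str:
    """The legacy scheme from the slide: unsalted MD5 of the UTF-8 password, as hex."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_verify(stored_hex: str, password: str) -> bool:
    """Constant-time comparison so a mismatch position cannot be timed."""
    return hmac.compare_digest(stored_hex.lower(), md5_hex(password))


def crack_md5(stored_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack on an unsalted MD5 digest: one cheap hash per candidate, and the
    same precomputed table serves every user in the leaked database."""
    target = stored_hex.lower()
    for candidate in wordlist:
        if md5_hex(candidate) == target:
            return candidate
    return None


def pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Replacement scheme: per-user random salt plus PBKDF2-HMAC-SHA256, stored in a
    self-describing string so the iteration count can be raised later per record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(stored: str, password: str) -> bool:
    """Verify against a pbkdf2_hash() record; any malformed record fails closed."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(digest.hex(), digest_hex)
    except ValueError:
        return False


def verify_and_upgrade(record: Dict[str, str], password: str) -> bool:
    """Login check for a database user. A record still holding an MD5 digest is
    re-hashed with PBKDF2 on its first successful login, since that is the only moment
    the plaintext is legitimately available; a failed login never touches the record."""
    if record.get("scheme") == "pbkdf2":
        return pbkdf2_verify(record["hash"], password)
    if record.get("scheme") == "md5":
        if not md5_verify(record["hash"], password):
            return False
        record["hash"] = pbkdf2_hash(password)
        record["scheme"] = "pbkdf2"
        return True
    return False


# Constructed sample data: one legacy MD5 record and a tiny wordlist.
SAMPLE_PASSWORD = "Summer2012"
WORDLIST = ["123456", "password", "qwerty", "Summer2012", "letmein"]


def make_legacy_record(password: str = SAMPLE_PASSWORD) -> Dict[str, str]:
    return {"scheme": "md5", "hash": md5_hex(password)}


if __name__ == "__main__":
    rec = make_legacy_record()
    print("cracked legacy record:", crack_md5(rec["hash"], WORDLIST))
    print("login ok:", verify_and_upgrade(rec, SAMPLE_PASSWORD), "-> scheme now", rec["scheme"])
    print("cracked upgraded record:", crack_md5(rec["hash"], WORDLIST))
```

The migration runs only on the login path, so no batch job ever needs the plaintext; users who never log in again keep their MD5 digest, which is why a deployment would also set a deadline after which unmigrated records are forced through a password reset.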
