CAS Gateway authentication
ENTR:Main Scenario ENTR:Extensions ENTR:Notes ENTR:References ENTR:Associated Modules ENTR:Implementations ENTR:Advice and ExperienceENTR:Contributors
Goal: Enable use of CAS gateway feature to allow Sakai to take maximum advantage of CAS SSO for providing the most valuable content to a user that it can on the first screen that user sees.
Version: ?
DG Priority: ?
Status: back of napkin
Scope: ?
Preconditions: ?
Success end: When a user navigates to Sakai having already established a CAS SSO session, Sakai uses the CAS gateway feature to detect participation in the SSO session, authenticate, and take the user directly to the more valuable authenticated content. If no SSO session in place, present non-logged-in view as usual.
Failed end: ?
Actors: ?
Primary Actor: ?
Trigger: ?
Security Concerns:
Logging: At higher logging levels, something to log is the result of each gateway check to profile how many users' experiences are actually improved by this feature.
Performance Concerns: Adds a trip to CAS on the first request to Sakai. Implemented badly, adds a round trip to CAS on every request (let's not do that.)
Replaces the unauthenticated default user experience with the personalized, customized, authenticated user experience on the very first request to Sakai where possible. User need not click "log in" to log in when already participating in an SSO session. If not participating in an SSO session, user sees non logged in user experience per usual and continues to have opportunity to log in.
JA-SIG Central Authentication Service, Yale Java CAS Client library?
Gateway is a little thorny to get right in terms of session management, but is certainly feasible (especially with the talent available in the Sakai community!)
Contributors
Name <email> |
Institution |
Notes |
---|---|---|
initial notes |