Efficacy of Central Authenticating Service (CAS)
Overview
Security of data and services is of utmost importance in the new and emerging internet economy. Whether the applications are internal or external and customer-facing, the system has to be made secure. Businesses may be using IT-enabled processes or interacting with partner applications over the network.
The objective in securing these systems is to protect the data and the services and to ensure that corporate information remains private. This also provides fault-free services to end users.
An authentication service that can verify user login is critical to securing every application of the enterprise. If the enterprise has one or more such applications, it’s beneficial to have a common central authentication service (CAS) that provides access only to authorized users.
Why CAS?
In most organizations and companies, employees and customers can utilize a range of services that require authentication, so as to prevent access by unauthorized persons. Such services include email, calendars, Wi-Fi access points, customer portals or logins to workstations. Many of these systems come with integrated user management.
1. Using an independent authentication and authorization service for each application increases not only the complexity of managing access but also the duplication of data, with a separate login and password for each application that end users often find difficult to remember.
2. Using the same password for multiple services compromises security, because hacking a single password gives access to multiple services and applications.
4. The large volume of user accounts and frequent requests to reset forgotten passwords also translate into a lot of extra effort for administrative staff.
5. Across the various applications, a range of different rules apply in terms of password strength and change frequency (password policy).
6. Every application with integrated user management is an attack vector for hackers.
7. If a single sign-on system is used, participating applications do not touch the end user’s password and therefore cannot expose this password if they are compromised.
8. CAS also enables proxy authentication.
For the reasons cited above, a centralized authentication service is more beneficial in providing enterprise-level security when the user uses one or more services or applications of the enterprise.
What is CAS?
JA-SIG Central Authentication Service is an enterprise-level, open-source, single sign-on solution with a Java server component and various client libraries written in a multitude of languages including PHP, PL/SQL, Java, and more.
CAS is an HTTP-based protocol that requires each of its components to be accessed through different URIs. Single sign-on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications.
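The exchange behind two of the points above (each CAS component is reached through its own URI, and participating applications never touch the password), as an added example that is not from the original article or the CAS project. The /login and /serviceValidate paths and the response format follow the published CAS protocol; the host names, ticket and sample responses are constructed.

```python
# Added example: the application side of a CAS login. The application only
# ever sees a ticket and a user name, never the user's password.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_BASE = "https://cas.example.org/cas"      # assumed CAS server URL
SERVICE = "https://app.example.org/inbox"     # assumed application URL
NS = {"cas": "http://www.yale.edu/tp/cas"}    # namespace of CAS 2.0 responses

def login_redirect(service=SERVICE):
    """URI the application redirects an unauthenticated browser to."""
    return f"{CAS_BASE}/login?{urlencode({'service': service})}"

def validation_url(ticket, service=SERVICE):
    """URI the application calls server-to-server to check a ticket."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{CAS_BASE}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return (username, None) on success or (None, error_code) on failure."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, "MALFORMED_RESPONSE"
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", NS)
    # Fail closed: anything other than a clear success is a denial.
    if failure is None:
        return None, "MALFORMED_RESPONSE"
    return None, failure.get("code", "UNKNOWN")

# Constructed sample responses in the CAS 2.0 XML format
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect())
    print(validation_url("ST-1-constructed"))
    print(parse_validation(SUCCESS))
    print(parse_validation(FAILURE))
```

The service URL sent to /serviceValidate must be the same one used in the /login redirect, and the validation call should go over HTTPS with certificate checking so the response can be trusted.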
CAS Supporting Technologies
CAS provides enterprises with a single sign-on service built on an open, well-documented protocol. It comprises an open-source Java server component and a library of clients for Java, .NET, PHP, Perl, Apache, uPortal, and others. It integrates with uPortal, Blue Socket, TikiWiki, Mule, Liferay, Moodle and others, offers community documentation and implementation support, and includes an extensive community of adopters.