
Central Authentication Service (CAS) Team 6a Final Paper

The Central Authentication Service (CAS) is a single sign-on protocol for web applications. It is a simple, flexible, and
extensible open source single sign-on system for enterprise applications and web pages. Single sign-on provides user
convenience, as it protects against both credential proliferation and password exposure, and centralizes the institutional
log-in experience. CAS has been deployed at universities, non-profits, non-governmental organizations, governments,
small businesses, and large corporations around the world. CAS client software can be built upon different software
libraries like MySQL, Linux, Apache HTTP Server, XML and much more.

CAS SDLC Architecture


CAS is a system that provides SSO mainly for web applications. It consists of two components: the CAS server and the
CAS client. The CAS server authenticates users against a user database and provides this information to the clients. The
CAS client is inserted in front of a web application to make sure that only authenticated users have access. The client is
available for many platforms, such as PHP and Perl.

CAS Communication Diagram

Process Controls and Management


The CAS system architecture has two parts: the CAS server and CAS clients. The CAS server is built on the Java framework;
its primary responsibility is to authenticate users and grant access to CAS-enabled services, commonly called CAS
clients, by issuing and validating tickets. A CAS client is any CAS-enabled application or software package that
can communicate with the server via a supported authentication protocol. The activity diagram can be described as follows:

1: Authenticate with CAS first to get the username from the MySQL or LDAP database. CAS now retains the session and
can automatically respond to other applications with this username without the need to log in again.
2: Once CAS gets the username from the database, use the service ticket in your MySQL database that is assigned to you to
do a non-anonymous search to get extra access details about the user. The CAS framework is shown below:

CAS Requirements and Plan


1. Apache Tomcat Server: The primary function of the Apache web server is to deliver web pages to clients on
request. It is the program on the server that the client "talks to" to fetch web pages: when you go to a web site,
Firefox/Safari/Internet Explorer asks the computer that the web site is on for the web page.
To start and stop Tomcat, run these commands in a terminal:
# /path to apache tomcat/bin/startup.sh
# /path to apache tomcat/bin/shutdown.sh
2. Apache Maven and Java SDK: Maven is a build automation tool used primarily for Java projects. Maven
addresses two aspects of building software: first, it describes how software is built, and second, it describes its
dependencies.
apt-get install maven
apt-get install sun-java6-jdk
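3. MySQL database (Data Dictionary): Oracle MySQL is the relational database management system (RDBMS) used to
manage the usernames and passwords contained within the databases.
apt-get install mysql-server
Next, we need to create a MySQL table for holding these usernames and passwords. I used the following SQL
commands for this:
CREATE DATABASE cas_login;
USE cas_login;
-- password column is taken from the INSERT below; its type is assumed (MD5() returns 32 hex characters)
CREATE TABLE user_login (userID int AUTO_INCREMENT PRIMARY KEY, username varchar(100), password char(32));
GRANT SELECT, UPDATE ON cas_login.user_login TO 'cas_server'@'localhost' IDENTIFIED BY '<password>';
INSERT INTO user_login (username, password) VALUES ('aakash', MD5('bhatia'));
Passwords are stored as MD5 hashes; MD5 is an algorithm used to verify data integrity. Because MD5 is fast to compute
and the hash here is unsalted, it suits integrity checks better than password storage; a salted, deliberately slow
hash such as bcrypt is the usual choice for stored passwords.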
4. Next build the CAS server with the command:

mvn package install


CAS Use Case Diagram with Flowchart

User Scenarios
If the user is able to authenticate through the login form, a ticket-granting ticket is created; this can be checked in cas.log:
=============================================================
WHO: [username: aakash]
WHAT: supplied credentials: [username: aakash]
ACTION: AUTHENTICATION_SUCCESS
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Dec 04 12:14:18 EST 2014
CLIENT IP ADDRESS: 148.100.163.150
SERVER IP ADDRESS: 10.13.8.182
=============================================================
If the credentials are wrong, i.e. authentication fails, CAS generates no ticket:
=============================================================
WHO: [username: aakash]
WHAT: supplied credentials: [username: aakash] error.authentication.credentials.bad
ACTION: AUTHENTICATION_FAILED
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Dec 04 12:19:14 EST 2014
CLIENT IP ADDRESS: 148.100.163.150
SERVER IP ADDRESS: 10.13.8.182
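
As an added example (not part of the original paper or the CAS project), the audit records shown above can be parsed and checked for repeated failed logins from one client address. The function names, the threshold and window values, and the sample records (documentation-range IPs, made-up users) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SEP = "=" * 61
FIELD = re.compile(r"^([A-Z][A-Z ]*?):\s*(.*)$")  # e.g. "CLIENT IP ADDRESS: 203.0.113.7"

def parse_audit(text):
    """Split audit text on the ===== rules and return one dict of field lists per record."""
    records = []
    for block in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec = defaultdict(list)
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:  # ACTION can repeat (as in the excerpts above), so each field is a list
                rec[m.group(1)].append(m.group(2))
        if rec["ACTION"] and rec["WHEN"]:
            # Drop the zone token: strptime's %Z is platform dependent (assumes one zone per log).
            t = rec["WHEN"][0].split()
            rec["time"] = datetime.strptime(" ".join(t[:4] + t[5:]), "%a %b %d %H:%M:%S %Y")
            rec["user"] = re.findall(r"username: ([^\]]+)\]", " ".join(rec["WHO"])) or ["?"]
            records.append(rec)
    return records

def flag_repeated_failures(records, threshold=3, window=timedelta(minutes=5)):
    """Map client IP -> usernames tried, for IPs with `threshold` failures inside `window`."""
    fails = defaultdict(list)
    for r in records:
        if "AUTHENTICATION_FAILED" in r["ACTION"]:
            fails[r["CLIENT IP ADDRESS"][0]].append((r["time"], r["user"][0]))
    def burst(ev):  # do any `threshold` consecutive failures fit inside `window`?
        return any(ev[i + threshold - 1][0] - ev[i][0] <= window for i in range(len(ev) - threshold + 1))
    return {ip: sorted({u for _, u in ev}) for ip, ev in fails.items() if burst(sorted(ev))}

def sample_record(user, ok, hms, ip):
    """Constructed record in the layout of the cas.log excerpts (documentation-range IPs)."""
    return (f"{SEP}\nWHO: [username: {user}]\nWHAT: supplied credentials: [username: {user}]\n"
            f"ACTION: AUTHENTICATION_{'SUCCESS' if ok else 'FAILED'}\n"
            f"ACTION: TICKET_GRANTING_TICKET_{'CREATED' if ok else 'NOT_CREATED'}\n"
            f"APPLICATION: CAS\nWHEN: Thu Dec 04 {hms} EST 2014\n"
            f"CLIENT IP ADDRESS: {ip}\nSERVER IP ADDRESS: 192.0.2.10\n")

# Constructed sample: one success, three failures from one address, one isolated failure.
ROWS = [("alice", True, "12:14:18", "198.51.100.20"), ("bob", False, "12:19:14", "203.0.113.7"),
        ("bob", False, "12:20:01", "203.0.113.7"), ("carol", False, "12:21:30", "203.0.113.7"),
        ("alice", False, "12:40:00", "198.51.100.20")]
SAMPLE_LOG = "".join(sample_record(*row) for row in ROWS) + SEP

print(flag_repeated_failures(parse_audit(SAMPLE_LOG)))
```

Several usernames failing from one address inside the window, as in the sample, is the pattern worth alerting on; a single failure such as the last sample record stays below the threshold.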
Component Diagram with States
