CAS and Shibboleth: Open Source Your Identity
Claremont McKenna College is part of the consortium of Claremont Colleges. These private colleges are individually governed, and each maintains its own, different directory service. This works well until we attempt to share common resources between the colleges. While there are available solutions for identity management and authentication, many of them are proprietary, require some infrastructure changes, and/or come at a heavy cost.
Central Authentication Service (Jasig CAS) and Shibboleth fit a common need among the colleges: common services could be accessed through our federated authentication systems without modifying the existing infrastructure between the colleges. The marriage of CAS and Shibboleth, running on top of a core Linux/MariaDB stack, offered a solution that limited our costs while providing great flexibility. Utilizing MariaDB and Tomcat 6 allowed for greater portability and scalability to keep this mission-critical platform reliable. We will briefly cover a replication strategy deployable in Rackspace's Cloud Server environment.
We integrated CAS and Shibboleth by "CASifying" to maximize our flexibility and ease of use: internal developers can harness the simplicity of CAS, while Shibboleth negotiates with 3rd party behemoths like Google and Box.com and acts as a gatekeeper for our internal data store. As such, we will cover the workflow for CASifying Apache (using mod_auth_cas) and PHP-based webapps (using phpCAS), as well as a typical workflow for integrating Shibboleth as an SSO for a 3rd party vendor.
This talk is not a step-by-step development tutorial, but rather showcases a particular implementation that demonstrates the great flexibility and value of the platforms.