Identity Management – Central Authentication Service (CAS)

Viewing 2 reply threads
  • Author
    Posts
    • #571
      recooper
      Participant

      Identity management has a very broad scope with two major components: 1. Identity and access management (accounts) 2. Systems integration. The CAS SLA is meant to address one of the many possible systems integration components. Additional services are available to address the systems integration component, such as Active Directory.

      • This topic was modified 8 years, 1 month ago by recooper.
    • #675
      elisha
      Participant

      CAS is definitely an Authorization service. I’m not sure it qualifies as an Identity Management service.

      Given the increased adoption of AD, what is the long term plan for CAS? Is there a convergence between the two services planned? If CAS is to continue, is there a documented way that we can address the secondary authorization question for sites and services using CAS using group membership?

      Where does LDAP fit into the service boundaries of CAS and AD?

    • #684
      bpietrewicz
      Keymaster

      The answers to these questions are complicated but I will attempt to simplify:

      Q: CAS is definitely an Authorization service. I’m not sure it qualifies as an Identity Management service.

      A: Agreed. CAS is actually not authorization. It is authentication. CAS is listed as IDM because it is one of the tools that can be used to integrate systems to be able to use NetID. If you have an application that you would like to authenticate using NetID, CAS is one of the tools available to do that.

      Q: Given the increased adoption of AD, what is the long term plan for CAS? Is there a convergence between the two services planned? If CAS is to continue, is there a documented way that we can address the secondary authorization question for sites and services using CAS using group membership?

      A: CAS is a pass-through mechanism for authenticating NetIDs. Currently it points at LDAP but it can be pointed at AD as well. AD and LDAP are synchronized so either will handle authentication for NetIDs. CAS only does authentication. It does not do authorization. Therefore it does not take advantage of groups. If you have an application that needs external authorization (groups), it would need to be integrated with AD or LDAP.

      Q: Where does LDAP fit into the service boundaries of CAS and AD?

      A: CAS is tied to the NetID SLA in terms of boundaries in that it authenticates NetIDs.

      I realize the answers to these questions are confusing/complicated.  If you have additional questions regarding how to authenticate or authorize an application or system using NetID, please put in a service request and we will walk you through the options.   

  • The topic ‘Identity Management – Central Authentication Service (CAS)’ is closed to new replies.
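
The split described in the last reply (CAS answers who the user is, while group-based authorization is a separate directory lookup) can be sketched as follows. This is an added example, not part of the thread or of any campus service's code. It assumes the standard CAS 2.0 `serviceValidate` XML response format; the sample responses, NetIDs, group names and function names are constructed, and the in-memory dictionary stands in for a group query against AD or LDAP.

```python
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"  # namespace used by CAS 2.0 responses
CAS_NS = {"cas": CAS_URI}

# Constructed sample validation responses (not captured from a real server).
SUCCESS = f"""<cas:serviceResponse xmlns:cas="{CAS_URI}">
  <cas:authenticationSuccess><cas:user>abc123</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = f"""<cas:serviceResponse xmlns:cas="{CAS_URI}">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Constructed stand-in for group data the application would fetch from AD or LDAP.
DIRECTORY_GROUPS = {"abc123": {"finance-staff"}, "xyz789": {"students"}}


def lookup_groups_static(netid):
    """Hypothetical directory lookup; a real one would query AD or LDAP."""
    return DIRECTORY_GROUPS.get(netid, set())


def authenticated_netid(validation_xml):
    """Authentication step: return the NetID CAS vouches for, else None."""
    try:
        root = ET.fromstring(validation_xml)
    except ET.ParseError:
        return None  # malformed response is treated as a failed login
    if root.tag != f"{{{CAS_URI}}}serviceResponse":
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None  # authenticationFailure or empty user: fail closed
    return user.text.strip()


def authorize(validation_xml, required_group, lookup_groups=lookup_groups_static):
    """Authorization step: CAS carries no group data, so the application
    must look up membership itself after authentication succeeds."""
    netid = authenticated_netid(validation_xml)
    if netid is None:
        return (None, False)
    return (netid, required_group in lookup_groups(netid))


if __name__ == "__main__":
    print(authorize(SUCCESS, "finance-staff"))
    print(authorize(SUCCESS, "students"))
    print(authorize(FAILURE, "finance-staff"))
```

A valid CAS response alone never grants access here: the user must both authenticate and appear in the required group, and any parse error or failure response denies by default.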