How to Implement SSO

Question

I want to implement SSO Single Sign On .
I found a lot of links and articles talking about CAS OpenID and many different things ,I\'m really lost
so should i use CA

Answer 1

CAS is a popular implementation of SSO, so installing CAS server is a good first step. You'll need a server for anything you're planning, and you can check that it's working without having any other pieces in place (there are instructions in the INSTALL.TXT file that comes in the distribution). The same can't be said for any CAS clients you intend to write.

Once you have CAS server up and running, you have two main tasks left:

1. Create or modify your app to be a CAS client
2. Replace the default authentication handler with a useful one

If you're like me, you want to see this thing in action as quickly as you can (or have something to show your manager). In that case, tackle step 1 first, but don't start with the real app. Just do a quick Hello World. There are specific instructions for this at https://wiki.jasig.org/display/CASUM/Demo. You've already got Tomcat installed, so skip steps 1 and 3. If you've also enabled HTTPS you can skip steps 2 and 4 as well and go straight to step 5. Once you get this going, you'll have a pretty good idea of what you need to do for the real app, assuming you will be implementing your CAS client in Java.

You need to do step 2 because the default authentication handler is only useful for demonstration. Any matching userid / password (e.g. hello / hello) will authenticate successfully. You will probably be authenticating either against a SQL database or a directory such as Active Directory or an LDAP server. CAS includes authentication handlers for all these use cases as well as others, but Jasig organizes these as sub-projects so you'll have to do a Maven build from source to use any of them (which is a big pain in the ass if you ask me). Documentation on how can be found at https://wiki.jasig.org/display/CASUM/Authentication, but if you're already set up with Maven, it's not so bad. Just add a dependency to the included pom.xml file and do your build.

SSO can be hard to get your head around if you're new to it, so take small steps and take time to understand what you're doing. The best expanation of CAS I've seen by far is at https://www.purdue.edu/apps/account/html/cas_presentation_20110407.pdf. It gives concrete details including typical server log entries, details of the requests and responses and a very clear diagram of the overall flow. It should be all you need to understand what's going on.

Good luck.