Domain: jasig.org
Stories and comments across the archive that link to jasig.org.
Comments · 9
-
Use CAS
Our university uses CAS SSO by JASIG. https://wiki.jasig.org/display... . It's nice because anyone can use it without having to get IT involved for their own pet projects and they never get a secret to maintain or permissions to setup like with AD or LDAP.
-
We use CAS as our web SSO
Google plays well with it and AD can be used as its back end. https://wiki.jasig.org/display...
-
Bedework
Hi,
The best tool depends on what are your primary needs about managing events (calendaring vs organizational).
If your needs are most about calendaring, Bedework ( http://www.jasig.org/bedework ) imho is the best open source calendaring solution (powerful and flexible public/private calendars, group calendaring, categories, CalDav, public event submision, repeatitive events, web and mobile clients, rss, based on standards, etc)
If your needs are more oriented to organize the events themselves (participants, volunteers, pay and registration, etc.) then civiCRM would do it fine.
HTH -
Re:Hand in the cookie jar
Just keep in mind that any application that has access the files on your computer (mainly the browser cookies) can bypass the 2-factor-auth. You just need to copy the cookie to another browser and BAM! - you're logged into Google.
You are confusing various unrelated items. (or maybe you're just oversimplifying things)
Just to clarify, authentication (2-factor or single factor) is separate from session management.
In addition, the application session is separate from the single sign on session.Although google doesn't use Jasig CAS, I think it's protocol is one of the easiest ways to get a more detailed understanding of SSO: http://www.jasig.org/cas/protocol
That protocol doc is actually quite readable. It differs from SAML in some respects, but it's a very similar process.I honestly haven't tested this with google services, but I believe (and hope) that if you take a gmail session cookie, and copy it to another browser, it will only get you access to gmail (and maybe not even that, if it's doing some additional tests... you may need to bring over other information and key identifiers). I'd be curious to see this attempted (it'd be easy to try). In any case, this is unrelated to the authentication.
In addition, that session cookie is unlikely** to be present in the cookie file, since it's a session cookie (lives as long as the browser session is active) and is a secure cookie (shared and only accepted over SSL). It's still possible to get to it if your'e on the local machine, but it's not as simple as opening a file and reading it out.
** "unlikely" as in, unless you told the service to remember your session somehow, which may be the case in some situations, like on mobile devices... I'm not sure. The default on the browser won't do this though.
-
Re:CAS
You'd think the government would be all over the Central Authentication Service.
-
Bedework, a CalDAV serverHave you tried Bedework?
Bedework is an open-source enterprise calendar system that supports public, personal, and group calendaring. It is designed to conform to current calendaring standards with a goal of attaining strong interoperability between other calendaring systems and clients. Bedework is built with an emphasis on higher education, though it can be (and is) used by many commercial enterprises.
-
Bedework, a CalDAV serverHave you tried Bedework?
Bedework is an open-source enterprise calendar system that supports public, personal, and group calendaring. It is designed to conform to current calendaring standards with a goal of attaining strong interoperability between other calendaring systems and clients. Bedework is built with an emphasis on higher education, though it can be (and is) used by many commercial enterprises.
-
Re:The tao of programming
I don't know... with crap like this: http://www.jasig.org/cas
a program will frustrate them for years to come try tying it to every other piece of software they use. -
Re:What about Shibboleth?
Jasig CAS is another good Apache 2 licensed SSO system. Both it and Shib even include support for true N-Tier proxied authentication.