Sessions at Open Apereo 2013 Conference (Jasig & Sakai) about Identity and Access Management on Wednesday 5th June Main Sessions, Showcase Demos

View as grid

  • A node.js module for CAS validation

    by James Marca

    A node.js module for CAS validation #

    This talk will present our node.js module for leveraging a CAS single
    signon service. The module is open source and available on GitHub, and
    we would love to see wider adoption and use of the module. Node.js is a
    new-ish server platform that is gaining in popularity because it is
    based on JavaScript.

    We needed to write our own node.js module to integrate with the
    [Express] (http://expressjs.com/) web framework because at the time none
    of the other available modules enabled single sign off. We started with
    a simple service that verified whether a user was logged in to the CAS
    server, and gradually expanded its functionality.

    While the focus of the presentation will be on describing our CAS
    client, a broader goal is to introduce node.js to an audience who may be
    familiar with client-side JavaScript, but not with server-side.

    At 9:00am to 9:45am, Wednesday 5th June

    In Opal, The Westin San Diego

  • RESTful CAS: Leveraging CAS to Protect RESTful Resources and Support Non-browser Clients

    by David Ohsie, Vijayanand Bharadwaj and John Field

    CAS has a wonderfully simply protocol for delegated authentication and single-signon for browser based access to web applications. However, the same protocol may stymie the non-browser and programmatic clients commonly found in RESTful architectures. The CAS login form is fine for humans behind a browser, but programmatic clients and human users using non-browser interfaces such as a CLI (Command Line Interface) and, to some degree, AJAX clients will face difficulties. Such clients may avail themselves of the CAS RESTful login interface, but only if they know in advance to exactly when pre-authenticate; otherwise they will be unexpectedly and unwittingly be forwarded to the CAS login screen and fail.

    Our approach transforms some CAS protocol 200 and 302 responses to 401 responses and makes navigating CAS protected REST interfaces a cinch. We prove this with a demonstration: accessing a CAS-protected REST endpoint with a single cURL command.

    At 10:00am to 10:45am, Wednesday 5th June

    In Opal, The Westin San Diego

  • Identity Management and the Academic & Research Community

    by Seth Theriault and Benjamin Oshrin

    In complex, decentralized environments like academic and research institutions, identity data is often seen as difficult to acquire and therefore limited to basic information. But high-quality identity data is often available from various sources, and if made available globally, can vastly simplify and improve a wide variety of service offerings. Using various use-case examples, the presenters will discuss methods to acquire this data from systems of record, strategies for managing it, and how it can used to improve the user experiences in applications such as Sakai CLE, library applications, uPortal, Bedework, and Shibboleth.

    At 11:00am to 11:45am, Wednesday 5th June

    In Opal, The Westin San Diego

    Coverage video

  • The Thrill of The Hunt - Tracking and Terminating Single Sign-On Sessions in CAS and Shibboleth

    by Mike Grady and Andrew Petro

    Fully understanding session management, and effective logout strategies, when using SSO services (e.g. CAS, Shibboleth) can be difficult, particularly when increasing the complexity by layering one SSO service over another (e.g. Shibboleth relying on CAS for authentication). The behavior of various browsers regarding session cookies also must be considered. Questions frequently arise on the support lists for both CAS and Shibboleth around session management and logout. This session will explore the concepts around, existing functionality for, and good practices in tracking and terminating single sign-on sessions, including timeouts and logout, in CAS and Shibboleth. Logout approaches to be discussed include single logout, browser closing, operating system session ending, hard drive reformatting, and high atmosphere electromagnetic pulses! (The latter aren't best practices, but current out-of-the-box browser behaviors around secure session management may drive you to consider it.)

    At 2:45pm to 3:30pm, Wednesday 5th June

    In Opal, The Westin San Diego

    Coverage video

  • InCommon Identity Assurance Profiles

    by Benjamin Oshrin

    The InCommon Identity Assurance Profiles (IAPs) are designed to provide a mechanism by which service providers can have more confidence in the integrity of the authentication services they rely on, especially in a federated environment. The InCommon Bronze and Silver Profiles have been approved for Federal LOA1 and LOA2 assurance.

    This session will provide an overview of the IAPs, an update on recent developments, a discussion of what impacts compliance may have on your IT infrastructure, and a preview of what service providers may introduce assurance requirements in the future.

    At 3:45pm to 4:30pm, Wednesday 5th June

    In Topaz, The Westin San Diego

    Coverage video

Schedule incomplete?

Add a new session

Filter by Day

Filter by coverage

Filter by Topic

Filter by Venue

Filter by Space