The Central Authentication Service (CAS) is a single sign-on protocol for the web. (Reference: http://jasig.github.io/cas/4.0.x/protocol/CAS-Protocol.html) Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name ''CAS'' also refers to a software package that implements this protocol.

==Description==

The CAS protocol involves at least three parties: a ''client'' web browser, the web ''application'' requesting authentication, and the ''CAS server''. It may also involve a ''back-end service'', such as a database server, that does not have its own HTTP interface but communicates with a web application.

When the client visits an application and needs to authenticate to it, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as Kerberos, LDAP or Active Directory).

If the authentication succeeds, CAS returns the client to the application, passing along a security ticket. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.

CAS allows multi-tier authentication via proxy address. A cooperating ''back-end'' service, like a database or mail server, can participate in CAS, validating the authenticity of users via information it receives from web applications. Thus, a webmail client and a webmail server can both implement CAS.
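The application side of the exchange described above, as an added example that is not part of the original article or of the CAS software. The `/login` and `/serviceValidate` paths and the XML namespace are taken from the CAS protocol specification rather than from this page; the host names, ticket value and sample responses are constructed.

```python
from urllib.parse import urlencode, urlsplit
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS XML responses

def login_redirect(cas_base, service):
    """URL the application redirects the browser to when it has no session."""
    return f"{cas_base}/login?{urlencode({'service': service})}"

def validation_url(cas_base, service, ticket):
    """Back-channel URL the application itself fetches to check a ticket.

    The service identifier must match the one used at login, and the
    request must go over a secure connection.
    """
    if urlsplit(cas_base).scheme != "https":
        raise ValueError("ticket validation must use a secure connection")
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return the authenticated user name, or None if CAS rejected the ticket."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # fail closed on anything that is not well-formed XML
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

# Constructed sample responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    cas = "https://cas.example.org/cas"           # hypothetical CAS server
    app = "https://app.example.org/inbox"         # hypothetical service identifier
    print(login_redirect(cas, app))
    print(validation_url(cas, app, "ST-1-constructed"))
    print(parse_validation(SUCCESS), parse_validation(FAILURE))
```

The application only ever sees the ticket and the validation result, never the user's password; a missing or malformed success element is treated as a failed authentication.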
Excerpt source: Wikipedia, the free encyclopedia.