Accenture Questionnaire
Technical Requirements
1.1.1 Can you please describe the general software architecture (e.g. availability, scalability, reverse proxy vs. agent-based)?
CAS uses a standard model-view-controller, 3-tier architecture. This architecture supports swappable backends for increased availability and scalability. Depending on one's needs, a deployer can use a database, memcached servers, or Terracotta to run multiple instances of CAS that work together. CAS does not require HTTP sessions, which further simplifies scaling. CAS runs in a standard servlet container such as Tomcat or JBoss.
1.1.2 Does your application have any "out-of-the-box" integration capabilities? (With what enterprise applications, server applications, web servers or user directories can the solution be integrated?)
Out of the box, CAS can integrate with databases, LDAP servers (including Active Directory), NTLM/SPNEGO, X.509 certificates, RADIUS and more. It currently supports the CAS1 and CAS2 protocols, SAML 1.1 and integration with Google Apps. CAS has been shown to run on standard servlet containers including Tomcat, JBoss and Jetty.
1.1.3 Does your solution have any custom integration capabilities with applications? (e.g. a set of APIs in order to make integration possible)
CAS includes several sets of APIs that one can implement to customize its behavior, including integration with different user directories, user resolution, and more.
Functional Requirements
2.1.1 Does your WebSSO solution include a Context Based Access Authorization, based on different parameters, such as target resource, source request, time of day, location, user information (age, job position) etc.?
CAS does not handle authorization. It can, however, return the attributes an application needs to make its own authorization decision, using either SAML 1.1 or a custom CAS2 response.
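To illustrate the integration points mentioned in 1.1.2 and 2.1.1, here is an added example (not code from the CAS project) of the client side of the CAS2 protocol: building the server-side /serviceValidate call and parsing the XML response, including attributes carried in a customized response. The sample responses are constructed; the cas:attributes layout is an assumption, since the plain CAS2 specification defines only cas:user.

```python
"""Client-side handling of CAS 2.0 /serviceValidate responses (added example)."""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS protocol responses

# Constructed sample responses, modelled on the CAS2 response format.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>jdoe@example.edu</cas:mail>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>faculty</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    Ticket ST-123 not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def build_validate_url(cas_base, service, ticket):
    """URL the application calls back-channel to validate a ticket it received.
    The service value must match the one the ticket was issued for, or CAS rejects it."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query


def parse_service_validate(xml_text):
    """Return (user, attributes) on success; raise ValueError on any failure.
    attributes maps each name to a list, since CAS may repeat multi-valued attributes."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        code = failure.get("code", "UNKNOWN")
        raise ValueError(f"CAS validation failed: {code}: {(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("malformed CAS response: neither success nor failure element")
    user_el = success.find("cas:user", CAS_NS)
    if user_el is None or not (user_el.text or "").strip():
        raise ValueError("malformed CAS response: missing cas:user")
    attributes = {}
    attrs_el = success.find("cas:attributes", CAS_NS)
    if attrs_el is not None:
        for child in attrs_el:
            name = child.tag.split("}", 1)[-1]  # strip the namespace prefix
            attributes.setdefault(name, []).append((child.text or "").strip())
    return user_el.text.strip(), attributes
```

The application should treat only the parsed server response as authoritative; the ticket and any identity claims arriving via the browser redirect are untrusted until validated this way.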
2.1.2 Does your WebSSO solution include a Risk Score or behavioral based authorization and enforcement, based on which different types of authentication methods (e.g. userid/password, secure token, digital certificates) are required from the end users?
CAS can be extended to calculate and return this information as part of the response.
2.1.3 Does your WebSSO solution include step-up or graduated authentication capabilities (e.g. from Password to Smartcard based on requested resource - linked to service criticality)?
Applications can specify that a user should re-authenticate.
2.1.4 Can you describe the methods that your solution supports for authorization? (e.g. fine-grained authorization support, authorization models supported?)
CAS is an authentication and single sign-on system only.
2.1.5 What are the supported methods for authentication and session management? (e.g. user id and password, secure token, digital certificate etc)?
CAS is extensible to support any mechanism. Out of the box it can handle Username/Password (or token), NTLM/SPNEGO, and X.509 certificates.
2.1.6 Is there any graphical interface to manage and administrate resources, users, agents, groups, policies?
The only administrative interface CAS needs is the one for managing the services that are allowed to use the system.
2.1.7 Does your WebSSO solution support Federation capability?
The Web SSO supports cross-domain single sign-on but does not currently handle federations such as InCommon.
2.1.8 Does your WebSSO solution support different repositories? (Multi-directory support for identities and policies)
Yes.