[DRE-maint] Bug#543528: RFP: rubycas-server -- single sign-on server based on JA-SIG's CAS protocol

Raphael Hertzog hertzog at debian.org
Tue Aug 25 15:07:23 UTC 2009

Package: wnpp
Severity: wishlist

* Package name    : rubycas-server
* URL             : http://code.google.com/p/rubycas-server/
* License         : GPLv2
  Programming Lang: Ruby
  Description     : single sign-on server based on JA-SIG's CAS protocol

(CCing teams that might be interested in packaging this software)

RubyCAS-Server is an implementation of the server-end of JA-SIG's CAS
protocol, providing a cross-domain single sign-on solution for web

RubyCAS-Server gives you:

    * A stand-alone central login page where the user enters their
      credentials (i.e. their username and password).

    * A mechanism for validating the user's credentials against various
      backends (a table in a SQL database, ActiveDirectory/LDAP, Google
      accounts, etc.)

    * A back-end validator where CAS-enabled client applications connect
      to check whether the current user is authenticated (if the user has
      already been authenticated with the CAS server, then they are
      permitted to proceed, otherwise they are redirected to the CAS
      server's login page for authentication).

    * Full compatibility with the open, multi-platform CAS protocol (CAS
      clients are implemented for a wide range of platforms, including
      PHP, various Java frameworks, .NET, Zope, etc.)

    * Multi-language localization -- RubyCAS-Server automatically detects
      the user's preferred language and presents the appropriate

Why you would want/need this:

    * CAS allows you to share authentication across domains. That is, a
      service at myservice.com and another service at anotherservice.com
      can share the same sign-on session (without CAS, sharing session
      information across domains is a lot harder than it sounds --
      browsers are specifically designed to make this difficult).

    * The user only sees the login page once -- the first time they try to
      access any one of your CAS-protected services, and never again until
      they log out or their single-sign on session expires.

    * Client applications never see the user's actual credentials (i.e.
      user credentials are less exposed to snooping).

    * RubyCAS-Server can act as a single sign-on solution for a wide range
      of platforms (see the JA-SIG CAS clients page for details).

Raphaël Hertzog

More information about the Pkg-ruby-extras-maintainers mailing list