SIDEBAR
About Pepperdine University
Pepperdine University is a private Christian college that enrolls approximately 7,700 students annually. Pepperdine has grown to be one of the top-ranking universities in the country, instilling in its students a sense of purpose, service, and leadership.
END SIDEBAR
Pepperdine University’s growth had been mirrored by its growing web systems environment across its campuses. The number of web applications continued to rise, including the addition of Modern Campus’ web content management system, Omni CMS, in 2002. Prior to 2008, Pepperdine required users to perform individual logins for each application. This was time-consuming and presented security issues, as it required more personal information than necessary to be exchanged with third parties. This also required end users to remember multiple user IDs and passwords, which resulted in a significant amount of calls to the Pepperdine IT Help Desk.
Systems Integration with CAS
In 2008, Pepperdine presented this login issue to Modern Campus and quickly discovered that Omni CMS could be integrated with the Central Authentication Service (CAS) single sign-on protocol. This integration would allow users to log in with one initial user ID and password that would then grant them access to all the applications that use CAS, without having to enter the user ID and password again during a single session. In addition, CAS would allow an application to determine if a user had authenticated, but protect the user’s password from individual applications, allowing for a much more secure computing environment.
How CAS Works
The CAS single sign-on protocol works in a way such that when a user visits an application requiring authentication, the application redirects to a CAS login page. The CAS server validates the user’s authenticity by checking the user ID and password against a database. If the authentication succeeds, CAS then returns the user to the application, passing along a security ticket. The application then validates the ticket by contacting the CAS server over a secure connection and providing its own service identifier and ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.
Benefits of CAS
Pepperdine experienced several benefits from integrating CAS with Omni CMS and other web applications. A major benefit was that application developers did not have to write the authentication, session-keeping, or session-ending functions; they were simply called from a standard library. It was easier to write a secure application because extra code is not needed to safeguard the user password. Thus, there was a lower cost of application integration because there was less work needed to make the application compatible and there was less code to write. This ensured consistent and proper handling of all credentials and allowed independence from the authentication mechanism, as there was no need to think about whether certificates, passwords, and so forth were used to authenticate. Examples of such applications are iTunesU and Google Apps/Mail, which have been effectively utilized by Pepperdine.
Another benefit of using CAS with Omni CMS was ensured security. No passwords are being transmitted to the host server, thus personal information and the university network are more secure. Additionally, CAS provides stats that tell you how often users get CAS tickets for Omni CMS. The reporting is centralized for compliance adherence. Also, while the CAS session is two hours, the Omni CMS session remains independent of the CAS session timeout.
A Simplified and Secure Solution
Pepperdine found the integration of CAS with Omni CMS to be effective and efficient for the institution’s website and other applications. The security of information and the ease of use increased, resulting in a better web experience for all users of Pepperdine’s web services. Users are provided with a unified view of authentication and, therefore, multiple logins for various applications are no longer required, making it a much simpler login process. Due to this simplification, Pepperdine has had fewer calls to the IT Help Desk, which reduces the man-hour costs associated with password resets. In addition, web applications are more accessible, thereby encouraging use for teaching and learning.