Authentication

Digest

Cascade is equipped to handle three types of user authentication: 

  1. Normal authentication (default) - authentication is handled natively by Cascade
     
  2. LDAP authentication - Cascade delegates authentication to an external LDAP server (e.g. Active Directory, OpenLDAP)
     
  3. Custom (3rd-party) authentication - Cascade provides an authentication API to allow developers to hook into third-party authentication/single sign-on systems (e.g. Kerberos, Shibboleth, CAS)

Technical

Normal (Built-in) Authentication

With normal authentication, users enter their usernames and passwords on the login screen and Cascade authenticates them against their encrypted credentials stored in the Cascade database.

User accounts must be created for each user before they can access the system. This is done manually from the Administration > Users, Groups, and Roles section, or programmatically via the Web Services API.

It is also possible to import users' usernames, emails, full names, and group/role memberships from an LDAP server but use Cascade's built-in facilities to authenticate the users. 

LDAP Authentication

Users can also be set to authenticate against an existing LDAP server like Active Directory or OpenLDAP. Using LDAP allows users and passwords to be centrally managed and then synced to Cascade.

The system still requires a user record in the database for each user so that their preferences and Group and Role memberships can be maintained. However, only the DN (Distinguished Name) of the user, and not the password, is stored in the Cascade database.

When the user attempts to log in, the supplied username is used to retrieve the DN of the user. Then, Cascade attempts to bind to the LDAP server using the DN and the supplied password. The user is authenticated if the bind is successful.
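
The lookup-then-bind flow above, sketched as an added example (not Cascade's code); the `FakeDirectory` class, the `uid` attribute and the sample entries are constructed assumptions. It shows two checks the flow needs: escaping the username before it goes into the search filter, and rejecting an empty password, because an LDAP server may treat a simple bind with a DN and no password as a successful unauthenticated bind (RFC 4513, section 5.1.2).

```python
import re

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a search-filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (not a real client)."""

    def __init__(self, entries):
        self.entries = entries  # {uid: (dn, password)}

    def search(self, ldap_filter):
        # Understands only "(uid=<value>)", with '*' wildcards and \xx escapes.
        value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter).group(1)
        unescape = lambda p: re.sub(r"\\([0-9a-f]{2})",
                                    lambda m: chr(int(m.group(1), 16)), p)
        pattern = ".*".join(re.escape(unescape(p)) for p in value.split("*"))
        return [dn for uid, (dn, _) in self.entries.items()
                if re.fullmatch(pattern, uid)]

    def bind(self, dn, password):
        # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password
        # is an "unauthenticated bind", which a server may report as success.
        if password == "":
            return True
        return any(dn == d and password == p for d, p in self.entries.values())

def authenticate(directory, username, password):
    """Resolve the username to exactly one DN, then bind as that DN."""
    if not username or not password:
        return False  # never forward an empty password to the bind step
    matches = directory.search("(uid=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return False  # unknown or ambiguous username
    return directory.bind(matches[0], password)

# Constructed sample directory.
DIRECTORY = FakeDirectory({
    "alice": ("uid=alice,ou=people,dc=example,dc=edu", "correct horse"),
    "bob": ("uid=bob,ou=people,dc=example,dc=edu", "battery staple"),
})

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", ""), ("a*", "correct horse")]:
        print(repr(user), repr(pw), authenticate(DIRECTORY, user, pw))
```
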

Here is more information on setting up LDAP authentication in Cascade.

Custom User Authentication

Cascade exposes an authentication API to allow developers to hook into 3rd-party authentication and single sign-on frameworks. The API provides hooks into the authentication life cycle. Developers can choose to redirect the browser to custom login and logout screens and implement custom logic to supply the name of the user for Cascade to authenticate and logic to log the user out.

Please visit our custom authentication API project on GitHub to learn more about developing authentication modules. Also check out our examples project to see working implementations of custom authentication using various technologies including CAS and Shibboleth.
