Single sign-on is a great technology. Requiring users
to log in to multiple applications is a huge hassle and encourages
password reuse and simple passwords. Security needs to focus on
usability. If you can make a user's life better while increasing
security, everybody wins.
In this how-to we will set up the open-source CAS SSO product
with the WiKID Strong Authentication Server, using two-factor
authentication for sessions and mutual HTTPS authentication for
host authentication. Using two-factor authentication for
the login increases security because the user must have both factors
to get access: in this case, knowledge of the PIN and possession of
the private key embedded in the token. The CAS server is running on
Ubuntu 11.04 Server and uses RADIUS to talk to the WiKID Strong
Authentication Server Enterprise Edition.