CAS State of the Project: Open Apereo 2015
Open Apereo - June 1-4 2015
The latest about the Central Authentication Service
Misagh Moayyed

This Session
This session will summarize the achievements in the latest available Central Authentication Service server product, client library releases, available plugins and enhancements in the community around CAS.
Also see the Open Apereo 2014 presentation: http://lanyrd.com/2014/apereo/sczzxx/

Agenda
Introduction
CAS Releases
CAS 4.1.x
CAS Clients
CAS and Shibboleth
Questions and Discussion

CAS at Apereo 2015
Monday:
◦ 10:30am - ESUP CAS Packaging
Tuesday:
◦ 10:30am - The latest news about CAS
Wednesday:
◦ 11:45am - A tale of two factors: 2FA AuthN with CAS

Introduction: Misagh Moayyed
CAS Committer; PMC member
Software Engineer/IAM Consultant
4 years with Unicon; 6 years with Apereo
https://twitter.com/misagh84
https://github.com/mmoayyed

What is CAS?
Free and open source enterprise single sign-on for the web
Open well-documented protocol
Java server software; plethora of client libraries

CAS Maven WAR Overlay
Recommended method to deploy CAS
Local source control with only your custom CAS recipe (in pom.xml) and your customizations and configuration
Maven overlay builds this on top of specified CAS server version
https://github.com/UniconLabs/simple-cas4-overlay-template
Releases

Releases
Available
◦ 3.5.x release: CAS 3.5.3
◦ 4.x release: CAS 4.0.1
Upcoming
◦ CAS 3.6.0: OAuth/OpenID security improvements; LDAP authN bug fix; Proxy authN configuration bug fix
◦ CAS 4.0.2: UI and Internationalization bug fixes; OAuth/OpenID security improvements
CAS 4.1.x

CAS 4.1.x: History
Development since May 2014
130+ issues/pull requests resolved
4.1.0-SNAPSHOT releases to Maven central/overlays
Docs will be available at: http://jasig.github.io/cas/4.1.0/

CAS 4.1.x: Features
CAS management webapp
Client-side session management
CAS security filter v2.0.2
Fetch CRLs from LDAP
Require service for authN
Config state report
Metrics/Stats reports
OpenID Connect / Pac4j v1.7
“Public workstation”

CAS 4.1.x: Features
Acceptable usage policy flow
SSO sessions report
CAS cookie encryption+signing
OpenSAML v3.1.1
Password/PGT as user attributes
Role-based service authz
JSON service registry
SAML 1.1 “TARGET” validation
OAuth bypass approval prompt

CAS 4.1.x: Features
Deprecated JBoss, Uber-Webapp, Restlet
Hostname auto-gen for HA deployment
CAS local keystore config
Principal attribute caching
Dynamic salt for JDBC authN
SLO/Logo/Logout URL per service
TGT/PGT encryption in logs
SPNEGO client selection strategies
3rd party libraries update
Many others…
Demo
CAS Clients

Java CAS Client: v3.4.0
Features include:
◦ OpenSAML dependency now optional
◦ Support for CAS /p3/serviceValidate
◦ Configuration strategy from system, web, context and external
◦ Other bug fixes
Externalized Configuration
Specify in an external properties resource
Build once, deploy everywhere
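<!-- web.xml: load the CAS client settings from a properties file -->
<context-param>
  <param-name>configurationStrategy</param-name>
  <param-value>PROPERTY_FILE</param-value>
</context-param>
<!-- web.xml: location of that properties file on the host -->
<context-param>
  <param-name>configFileLocation</param-name>
  <param-value>/etc/java-cas-client.properties</param-value>
</context-param>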
CAS and Shibboleth

CAS support in Shibboleth IdP v3
CAS protocol v2 built into IdP v3
AuthN via IdP; client exchange via CAS
Enabled per relying party config
Service registry analogue to SAML metadata
More at: http://bit.ly/1QOshTM

Shib-CAS Authenticator v3
Compatible with Shibboleth IdP v3.x
Delegate Shib IdP authN to CAS server
CAS authN webflow
Configuration in idp.properties
Available at: https://github.com/Unicon/shib-cas-authn3

Shib+CAS Integration Patterns
Evaluate features, use cases and requirements before adoption
Leverage CAS support in IdP v3 for existing CAS client applications
Delegate IdP authN to a CAS server via shib-cas-authn3
CAS Extensions

CAS Extensions
CAS acting as a SAML SP: https://github.com/UniconLabs/cas-saml-auth
Java CAS client auto configuration: https://github.com/Unicon/cas-client-autoconfig-support
CAS [micro] add-ons: https://github.com/unicon-cas-addons
CAS NextGen

CAS NextGen
Roadmap under development
◦ SAML SP support
◦ MFA support
◦ ADFS support
◦ SSO management redesign
◦ OAuth redesign
◦ Front-channel logout
◦ Java 8
◦ …
Join the @cas-dev mailing list
CAS AppSec Working Group:
◦ https://wiki.jasig.org/display/CAS/CAS+AppSec+Working+Group
Questions?
https://twitter.com/misagh84
https://github.com/mmoayyed