Your SlideShare is downloading. ×
  • Like
Latest CAS News 2014
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Latest CAS News 2014

  • 374 views
Published

 

Published in Software , Technology , Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
374
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
10
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Open Apereo - June 1-4 2014 The Latest about the Central Authentication Service Misagh Moayyed mmoayyed@unicon.net
  • 2.  Introduction  CAS 3.4/3.5 Security Releases  CAS 4  CAS Addons  CAS Clients  CAS and Shibboleth  Questions and Discussion Open Apereo - June 1-4 2014
  • 3. This session will summarize the achievements in the latest available Central Authentication Service server product and client library releases and available plugins and enhancements in the community around CAS. Open Apereo - June 1-4 2014
  • 4.  Sunday: ◦ CAS & Shibboleth for Enterprise WebSSO  Monday: ◦ Latest about the Central Authentication Service ◦ To CAS 3 and beyond: The story of a CAS upgrade  Tuesday: ◦ A tale of two factors: 2FA authentication with CAS ◦ How to CASify PeopleSoft; Integrating CAS and ADFS  Wednesday: ◦ Creating a Customizable Dynamic CAS Theme ◦ CAS implementation at Oakland University Open Apereo - June 1-4 2014
  • 5.  CAS Committer and PMC member  3 years with Unicon; 5 years with JasigApereo  Technical lead for Unicon’s Open Source Support for CAS Open Apereo - June 1-4 2014 https://twitter.com/misagh84 https://github.com/mmoayyed mmoayyed@unicon.net
  • 6.  Support, services, training, managed services and custom projects on and around enterprise open source in and around higher education  Identity and Access Management team working with CAS, Shibboleth, Grouper, OpenRegistry, …  Open Source Support for CAS, Shibboleth, Grouper, Sakai, uPortal, uMobile, SSP, … Open Apereo - June 1-4 2014
  • 7.  Free and open source enterprise single sign-on for the web  Open well-documented protocol  Java server software; plethora of client libraries Open Apereo - June 1-4 2014
  • 8. Open Apereo - June 1-4 2014
  • 9. Open Apereo - June 1-4 2014  Recommended method to deploy CAS  Local source control (Git? GitHub?) with only your custom CAS recipe (in pom.xml) and your customizations and configuration  Maven overlay builds this on top of specified CAS server version  https://github.com/Unicon/unicon-cas-overlay
  • 10. Open Apereo - June 1-4 2014
  • 11. Open Apereo - June 1-4 2014 CAS Security Releases
  • 12.  Backward-compatible security releases: v3.5.2.1 and v3.4.12.1  Patch for SAML 2/Google Accounts integration components  You SHOULD upgrade immediately, if you have enabled Google Apps support for CAS Open Apereo - June 1-4 2014
  • 13. Open Apereo - June 1-4 2014 CAS4
  • 14.  Current stable major release  Improvements include: ◦ CAS protocol v3 release ◦ Build/Documentation improvements ◦ Greater modularity ◦ Redesigned authentication APIs ◦ Many more…  The release is NOT backward-compatible with 3.5.x! Open Apereo - June 1-4 2014
  • 15.  First commit on Feb 26th 2013  4 RCs; GA release on May 7th 2014  165 resolved JIRA issues  181 closed pull requests  900 git commits  7 committers; 17 contributors Open Apereo - June 1-4 2014
  • 16.  New: ◦ User attributes in ticket validation response ◦ Strengthen proxy callback failure response ◦ authenticationDate, memberOf, isFromNewLogin attributes  Improved: ◦ Inclusion of Single Logout ◦ Inclusion of /samlValidate endpoint ◦ Compliant with common community practices Open Apereo - June 1-4 2014
  • 17. Open Apereo - June 1-4 2014
  • 18.  Build and Deployment ◦ Using Travis CI for internal builds ◦ Auto-deployment of Javadocs and reports ◦ Maven WAR Overlay for deployments  Documentation ◦ GitHub Pages site: http://jasig.github.io/cas/  Demos on Heroku ◦ CAS WebApp: https://jasigcas.herokuapp.com ◦ Mgmt Webapp: https://jasigcasmgmt.herokuapp.com Open Apereo - June 1-4 2014
  • 19.  New AuthN API to support MFA  New /p3/serviceValidate endpoint for user attributes  New submodules for SAML, Management, OAuth, …  Dependency upgrades  LDAP AuthN and Password Policy improvements  User Attribute Filters  Front-channel Logout  Disallow Empty Service Registry  English as Default Locale  JS File in Themes  Language Bundle updates  Default Proxy AuthN set to Off  Many more… Open Apereo - June 1-4 2014
  • 20. Open Apereo - June 1-4 2014  “uid != password”  The default credentials are: casuser/Mellon
  • 21. Open Apereo - June 1-4 2014  Pick a latest version (4.0.0)  Add your skin/brand  Add your configuration ◦ How do users authenticate? ◦ Where do user attributes come from? ◦ Which applications are allowed to use CAS?  Build, test, deploy
  • 22.  CAS v4.1: Discussion ongoing ◦ 20+ JIRAs already resolved! ◦ Join the @cas-dev mailing list  CAS AppSec Working Group: ◦ https://wiki.jasig.org/display/CAS/CAS+App Sec+Working+Group  New Committer: Robert Oschwald Open Apereo - June 1-4 2014
  • 23. Open Apereo - June 1-4 2014 CAS Addons
  • 24. Open Apereo - June 1-4 2014  Free, open source extensions for CAS  Latest stable release: v1.11.1  Include in Maven Overlays:  Available at: https://github.com/Unicon/cas-addons
  • 25. Open Apereo - June 1-4 2014  Compatible with CAS v3.5.2.1  HazelcastTicketRegistry  ReadWriteJsonServiceRegistryDao  v2.x in development; support for CAS4  See more at: ◦ https://github.com/Unicon/cas-addons/wiki
  • 26. Open Apereo - June 1-4 2014 CAS Clients
  • 27.  Features include: ◦ URL exclusion patterns for the AuthN filter ◦ Support for default ports in service URLs ◦ Return AuthN instant from SAML response ◦ Disallow misconfiguration of forced AuthN ◦ Disallow empty proxy chains for ClearPass  v3.4.0 is in development Open Apereo - June 1-4 2014
  • 28.  CAS client for Play 2.x framework: ◦ https://github.com/leleuj/play-pac4j ◦ Support for CAS, OAuth, OpenId, HTTP, SAML  CAS support for Ratpack toolkit: ◦ https://github.com/ratpack/ratpack/tree/master/r atpack-pac4j Open Apereo - June 1-4 2014
  • 29. Open Apereo - June 1-4 2014 CAS and Shibboleth
  • 30.  CAS AuthN plugin for Shibboleth IdP  Custom CasLoginHandler  Externalized configuration file  Easier to deploy and configure ◦ No session sharing requirement!  Available at: https://github.com/Unicon/shib-cas-authn2 Open Apereo - June 1-4 2014
  • 31.  Shibboleth IdP v2.4.0 Installer: ◦ Preconfigured with Shib-CAS AuthN v2 ◦ Preconfigured with InCommon Metadata ◦ Preconfigured with TestShib’s SP Metadata  Available at: https://github.com/Unicon/unicon- shibboleth-idp-template Open Apereo - June 1-4 2014
  • 32.  If you don’t have SSO: ◦ Implement CAS4; available today  If you have CAS: ◦ Upgrade your Maven overlays  If you have Shibboleth: ◦ Integrate using the shib-cas-authn2 module  If you need help: ◦ Unicon OSS program: http://www.unicon.net/support Open Apereo - June 1-4 2014
  • 33. Open Apereo - June 1-4 2014 https://twitter.com/misagh84 https://github.com/mmoayyed mmoayyed@unicon.net