Open Apereo - June 1-4 2014
The Latest about the
Central Authentication Service
Misagh Moayyed
mmoayyed@unicon.net
 Introduction
 CAS 3.4/3.5 Security Releases
 CAS 4
 CAS Addons
 CAS Clients
 CAS and Shibboleth
 Questions and Dis...
This session will summarize the achievements
in the latest available Central Authentication
Service server product and cli...
 Sunday:
◦ CAS & Shibboleth for Enterprise WebSSO
 Monday:
◦ Latest about the Central Authentication Service
◦ To CAS 3 ...
 CAS Committer and PMC member
 3 years with Unicon; 5 years with JasigApereo
 Technical lead for Unicon’s Open Source
S...
 Support, services, training, managed services
and custom projects on and around enterprise
open source in and around hig...
 Free and open source
enterprise single sign-on
for the web
 Open well-documented
protocol
 Java server software;
pleth...
Open Apereo - June 1-4 2014
Open Apereo - June 1-4 2014
 Recommended method to deploy CAS
 Local source control (Git? GitHub?) with only
your custom...
Open Apereo - June 1-4 2014
Open Apereo - June 1-4 2014
CAS Security Releases
 Backward-compatible security releases:
v3.5.2.1 and v3.4.12.1
 Patch for SAML 2/Google Accounts
integration components
...
Open Apereo - June 1-4 2014
CAS4
 Current stable major release
 Improvements include:
◦ CAS protocol v3 release
◦ Build/Documentation improvements
◦ Grea...
 First commit on Feb 26th 2013
 4 RCs; GA release on May 7th 2014
 165 resolved JIRA issues
 181 closed pull requests
...
 New:
◦ User attributes in ticket validation response
◦ Strengthen proxy callback failure response
◦ authenticationDate, ...
Open Apereo - June 1-4 2014
 Build and Deployment
◦ Using Travis CI for internal builds
◦ Auto-deployment of Javadocs and reports
◦ Maven WAR Overlay...
 New AuthN API to support MFA
 New /p3/serviceValidate
endpoint for user attributes
 New submodules for SAML,
Managemen...
Open Apereo - June 1-4 2014
 “uid != password”
 The default
credentials are:
casuser/Mellon
Open Apereo - June 1-4 2014
 Pick a latest version (4.0.0)
 Add your skin/brand
 Add your configuration
◦ How do users ...
 CAS v4.1: Discussion ongoing
◦ 20+ JIRAs already resolved!
◦ Join the @cas-dev mailing list
 CAS AppSec Working Group:
...
Open Apereo - June 1-4 2014
CAS Addons
Open Apereo - June 1-4 2014
 Free, open source extensions for CAS
 Latest stable release: v1.11.1
 Include in Maven Ove...
Open Apereo - June 1-4 2014
 Compatible with CAS v3.5.2.1
 HazelcastTicketRegistry
 ReadWriteJsonServiceRegistryDao
 v...
Open Apereo - June 1-4 2014
CAS Clients
 Features include:
◦ URL exclusion patterns for the AuthN filter
◦ Support for default ports in service URLs
◦ Return Aut...
 CAS client for Play 2.x framework:
◦ https://github.com/leleuj/play-pac4j
◦ Support for CAS, OAuth, OpenId, HTTP, SAML
...
Open Apereo - June 1-4 2014
CAS and Shibboleth
 CAS AuthN plugin for Shibboleth IdP
 Custom CasLoginHandler
 Externalized configuration file
 Easier to deploy and co...
 Shibboleth IdP v2.4.0 Installer:
◦ Preconfigured with Shib-CAS AuthN v2
◦ Preconfigured with InCommon Metadata
◦ Preconf...
 If you don’t have SSO:
◦ Implement CAS4; available today
 If you have CAS:
◦ Upgrade your Maven overlays
 If you have ...
Open Apereo - June 1-4 2014
https://twitter.com/misagh84
https://github.com/mmoayyed
mmoayyed@unicon.net
Upcoming SlideShare
Loading in …5
×

Latest CAS News 2014

1,223 views

Published on

Published in: Software, Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,223
On SlideShare
0
From Embeds
0
Number of Embeds
56
Actions
Shares
0
Downloads
24
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Latest CAS News 2014

  1. 1. Open Apereo - June 1-4 2014 The Latest about the Central Authentication Service Misagh Moayyed mmoayyed@unicon.net
  2. 2.  Introduction  CAS 3.4/3.5 Security Releases  CAS 4  CAS Addons  CAS Clients  CAS and Shibboleth  Questions and Discussion Open Apereo - June 1-4 2014
  3. 3. This session will summarize the achievements in the latest available Central Authentication Service server product and client library releases and available plugins and enhancements in the community around CAS. Open Apereo - June 1-4 2014
  4. 4.  Sunday: ◦ CAS & Shibboleth for Enterprise WebSSO  Monday: ◦ Latest about the Central Authentication Service ◦ To CAS 3 and beyond: The story of a CAS upgrade  Tuesday: ◦ A tale of two factors: 2FA authentication with CAS ◦ How to CASify PeopleSoft; Integrating CAS and ADFS  Wednesday: ◦ Creating a Customizable Dynamic CAS Theme ◦ CAS implementation at Oakland University Open Apereo - June 1-4 2014
  5. 5.  CAS Committer and PMC member  3 years with Unicon; 5 years with JasigApereo  Technical lead for Unicon’s Open Source Support for CAS Open Apereo - June 1-4 2014 https://twitter.com/misagh84 https://github.com/mmoayyed mmoayyed@unicon.net
  6. 6.  Support, services, training, managed services and custom projects on and around enterprise open source in and around higher education  Identity and Access Management team working with CAS, Shibboleth, Grouper, OpenRegistry, …  Open Source Support for CAS, Shibboleth, Grouper, Sakai, uPortal, uMobile, SSP, … Open Apereo - June 1-4 2014
  7. 7.  Free and open source enterprise single sign-on for the web  Open well-documented protocol  Java server software; plethora of client libraries Open Apereo - June 1-4 2014
  8. 8. Open Apereo - June 1-4 2014
  9. 9. Open Apereo - June 1-4 2014  Recommended method to deploy CAS  Local source control (Git? GitHub?) with only your custom CAS recipe (in pom.xml) and your customizations and configuration  Maven overlay builds this on top of specified CAS server version  https://github.com/Unicon/unicon-cas-overlay
  10. 10. Open Apereo - June 1-4 2014
  11. 11. Open Apereo - June 1-4 2014 CAS Security Releases
  12. 12.  Backward-compatible security releases: v3.5.2.1 and v3.4.12.1  Patch for SAML 2/Google Accounts integration components  You SHOULD upgrade immediately, if you have enabled Google Apps support for CAS Open Apereo - June 1-4 2014
  13. 13. Open Apereo - June 1-4 2014 CAS4
  14. 14.  Current stable major release  Improvements include: ◦ CAS protocol v3 release ◦ Build/Documentation improvements ◦ Greater modularity ◦ Redesigned authentication APIs ◦ Many more…  The release is NOT backward-compatible with 3.5.x! Open Apereo - June 1-4 2014
  15. 15.  First commit on Feb 26th 2013  4 RCs; GA release on May 7th 2014  165 resolved JIRA issues  181 closed pull requests  900 git commits  7 committers; 17 contributors Open Apereo - June 1-4 2014
  16. 16.  New: ◦ User attributes in ticket validation response ◦ Strengthen proxy callback failure response ◦ authenticationDate, memberOf, isFromNewLogin attributes  Improved: ◦ Inclusion of Single Logout ◦ Inclusion of /samlValidate endpoint ◦ Compliant with common community practices Open Apereo - June 1-4 2014
  17. 17. Open Apereo - June 1-4 2014
  18. 18.  Build and Deployment ◦ Using Travis CI for internal builds ◦ Auto-deployment of Javadocs and reports ◦ Maven WAR Overlay for deployments  Documentation ◦ GitHub Pages site: http://jasig.github.io/cas/  Demos on Heroku ◦ CAS WebApp: https://jasigcas.herokuapp.com ◦ Mgmt Webapp: https://jasigcasmgmt.herokuapp.com Open Apereo - June 1-4 2014
  19. 19.  New AuthN API to support MFA  New /p3/serviceValidate endpoint for user attributes  New submodules for SAML, Management, OAuth, …  Dependency upgrades  LDAP AuthN and Password Policy improvements  User Attribute Filters  Front-channel Logout  Disallow Empty Service Registry  English as Default Locale  JS File in Themes  Language Bundle updates  Default Proxy AuthN set to Off  Many more… Open Apereo - June 1-4 2014
  20. 20. Open Apereo - June 1-4 2014  “uid != password”  The default credentials are: casuser/Mellon
  21. 21. Open Apereo - June 1-4 2014  Pick a latest version (4.0.0)  Add your skin/brand  Add your configuration ◦ How do users authenticate? ◦ Where do user attributes come from? ◦ Which applications are allowed to use CAS?  Build, test, deploy
  22. 22.  CAS v4.1: Discussion ongoing ◦ 20+ JIRAs already resolved! ◦ Join the @cas-dev mailing list  CAS AppSec Working Group: ◦ https://wiki.jasig.org/display/CAS/CAS+App Sec+Working+Group  New Committer: Robert Oschwald Open Apereo - June 1-4 2014
  23. 23. Open Apereo - June 1-4 2014 CAS Addons
  24. 24. Open Apereo - June 1-4 2014  Free, open source extensions for CAS  Latest stable release: v1.11.1  Include in Maven Overlays:  Available at: https://github.com/Unicon/cas-addons
  25. 25. Open Apereo - June 1-4 2014  Compatible with CAS v3.5.2.1  HazelcastTicketRegistry  ReadWriteJsonServiceRegistryDao  v2.x in development; support for CAS4  See more at: ◦ https://github.com/Unicon/cas-addons/wiki
  26. 26. Open Apereo - June 1-4 2014 CAS Clients
  27. 27.  Features include: ◦ URL exclusion patterns for the AuthN filter ◦ Support for default ports in service URLs ◦ Return AuthN instant from SAML response ◦ Disallow misconfiguration of forced AuthN ◦ Disallow empty proxy chains for ClearPass  v3.4.0 is in development Open Apereo - June 1-4 2014
  28. 28.  CAS client for Play 2.x framework: ◦ https://github.com/leleuj/play-pac4j ◦ Support for CAS, OAuth, OpenId, HTTP, SAML  CAS support for Ratpack toolkit: ◦ https://github.com/ratpack/ratpack/tree/master/r atpack-pac4j Open Apereo - June 1-4 2014
  29. 29. Open Apereo - June 1-4 2014 CAS and Shibboleth
  30. 30.  CAS AuthN plugin for Shibboleth IdP  Custom CasLoginHandler  Externalized configuration file  Easier to deploy and configure ◦ No session sharing requirement!  Available at: https://github.com/Unicon/shib-cas-authn2 Open Apereo - June 1-4 2014
  31. 31.  Shibboleth IdP v2.4.0 Installer: ◦ Preconfigured with Shib-CAS AuthN v2 ◦ Preconfigured with InCommon Metadata ◦ Preconfigured with TestShib’s SP Metadata  Available at: https://github.com/Unicon/unicon- shibboleth-idp-template Open Apereo - June 1-4 2014
  32. 32.  If you don’t have SSO: ◦ Implement CAS4; available today  If you have CAS: ◦ Upgrade your Maven overlays  If you have Shibboleth: ◦ Integrate using the shib-cas-authn2 module  If you need help: ◦ Unicon OSS program: http://www.unicon.net/support Open Apereo - June 1-4 2014
  33. 33. Open Apereo - June 1-4 2014 https://twitter.com/misagh84 https://github.com/mmoayyed mmoayyed@unicon.net

×