What's New in CAS 3.5

1 Comment
  • Hi,

    First, I'd like to thank Andrew for his great presentations and for introducing me.
    About OAuth support, I'd like to add that regarding OAuth client support, CAS server can also delegate authentication to Facebook, Google, Yahoo, LinkedIn or Twitter.
    The best way to start with OAuth support in CAS is the wiki: https://wiki.jasig.org/display/CASUM/OAuth.
    Thanks.
    Best regards,
    Jérôme Leleu
  • What's New in CAS 3.5

    1. Jasig CAS 3.5 - What’s new? Jasig-Sakai 2012, Monday June 11th 2012, Atlanta, GA. Andrew Petro - Unicon, Inc.
    2. Who am I? CAS committer. Previously, CAS steering committee member.
    3. I work for: Trusted Partner since 1993; Expertise in Open Source Software for Education; Professional Services for CAS, Shibboleth, uPortal, Sakai, Grouper, Student Success Plan, ...; Innovative Cooperative Support program
    4. CAS-related at this conference - today: Jasig CAS 3.5 - What’s new? (this); Fordham Goes ABAC for CAS - Extending CAS with Attribute-Based Access Control
    5. CAS-related at this conference - tomorrow: Columbia Goes Goo-Google for CAS - Extending CAS with WIND Protocol Support and Service Registry; High Availability in Hurricane Alley - Multi-site Multi-node CAS Deep in the Heart of Texas
    6. CAS-related at this conference - Thursday: Shibboleth and CAS - more perfect together
    7. This session: What is CAS anyway? Status of CAS 3.4; What’s new in CAS 3.5? What’s otherwise new in CAS? Questions, discussion; Lunch!
    8. What is CAS, anyway?
    9. CAS is open source single sign-on for the Web. Modify applications to rely upon CAS to authenticate the user.
    10. Good features: Pluggable, flexible, and malleable (a toolkit for building your institutional login experience); Simple CAS protocol and client libraries; n-tier delegated authentication; password replay still possible if you really want
    11. You are here.
    12. CAS is simple. Example: CAS doesn’t want to *be* your store of credentials, your account management system, your attribute repository. It wants to leverage your IdM infrastructure to broker Web logins. Kinds of credentials CAS supports: passwords (bind against LDAP, in a database, ...); x.509 certificates; OAuth; ...
    13. Spring Web Flow
    14. Spring Web Flow useful for adding: Acceptable Use Policy acceptance prompt; stale / expired password warning / enforcement; nuanced authentication error messaging / handling; coarse grained access control; target-application-specific handling; ...
    15. Lots of integration libraries: Java / Java Servlet Filter / Spring Security / Apache Shiro / Tomcat; Apache module; .NET; PHP; Perl; Ruby; PAM module; Python; ...
    16. Lots of applications with available CAS support: uPortal; Sakai; Drupal; Wordpress; Liferay; Blackboard; ...
    17. Lots of adopting institutions. Unclear how many? http://millionshort.com/search.php?q=Jasig+CAS&remove=1000k
    18. Community (via Jasig): email lists; wiki and issue tracker; source control (now on GitHub); this conference; ...
    19. Implement using Maven overlay. Factor your CAS implementation as pom.xml dependency declaration, local configuration, and local customizations. CAS distribution + your dependencies + your changes + your configuration = your CAS implementation
    20. CAS 3.4
    21. CAS 3.4: Mature, well-known; 3.4.12 is latest patch release (patch releases are intended to be zero pain drop-in upgrades); Well understood and a fine conservative choice for your CAS implementation today
    22. CAS 3.4.12: 3.4.12 is latest release; Regular expression support in service registration matching; Misc. fixes and improvements in recent 3.4.x releases
    23. CAS 3.5 - what’s new
    24. 3.5 “minor” release: Incur some upgrade pain on 3.4 to 3.5; In exchange for new functionality and improvements
    25. Themes: Theme 1: extensions coming into CAS product; Theme 2: incremental honing and maturity
    26. Theme 1: Extensions coming into CAS product: LPPE - LDAP Password / Account status reflection; ClearPass - optional password caching and selective, secure release; EhCache Ticket Registry - another option for ticket state clustering; OAuth2 producer and consumer support - more ways to authenticate users to CAS and to integrate with CAS in relying applications
    27. LPPE - LDAP account status reflection. Why is authentication against LDAP (Active Directory) failing? Password wrong? Account is locked? Other error code? Now error codes reflected in UI. Initially integrates with Active Directory, with potential for more error mappings
    28. ClearPass: optional password caching and selective, secure password release to relying applications. This was a separate CAS extension, now drawn into the core CAS product. Off by default; several steps required to turn on this feature.
    29. Why do I need ClearPass??
    30. Why else do I need ClearPass? Outlook Web Application CASification? WebAdvisor CASification? It’s a tool. You may need it. You may be able to avoid it. Try to avoid.
    31. Do I have to cache and release passwords? Absolutely not. Off by default. Very. But now easier to turn on, with less messing around with Maven and dependencies conflict resolution.
    32. EhCache Ticket Registry: Another option for clustering ticket registry state among clustered CAS server nodes. Bridges from CAS TicketRegistry API to EhCache. Options within EhCache for implementing and replicating that cache: RMI; Terracotta
    33. OAuth Producer and Consumer support and improved OpenID support
    34. Choose to login via OAuth
    35. Login at e.g. GitHub
    36. Validating the ticket
    37. Theme 2: Incremental honing and maturity: Regular expressions in service registration matching *; Better SSO session expiration policy *; Improved properties handling *; Improved health monitoring; Upgrades to dependencies, Spring framework version, etc. (* = also in later / latest CAS 3.4.x release)
    38. SSO session expiration policy (“TicketGrantingTicket” expiration policy): Set both a hard timeout and a sliding window idle timeout
    39. Improved properties handling: More in cas.properties; Sensible defaults optionally overridden by cas.properties (set what you change); Easier to put cas.properties outside of the .war; Logging configuration file location set in cas.properties
    40. (Those were all old, actually) The incremental feature in CAS 3.5 is additional monitoring, suitable for targeting with an automated probe.
    41. CAS 3.5 status: 3.5 RC2 now available for testing; Doing QA, mopping up issues and glitches; 3.5 GA release “soon” (days or weeks, not months or years); Expect patch releases to follow a 3.5.0 release
    42. How you upgrade: Update your pom.xml to depend on CAS 3.5 (Not using Maven Overlay? good time to start?); Resolve conflicts, merge your configuration with new defaults, migrate forward your service registry data; Test outside of production!; Roll to production
    43. What else is new? GitHub; New committer Jérôme Leleu; Better integration for using CAS as the login mechanism for Shibboleth IdP; phpCAS client release
    44. CAS now using GitHub
    45. New committer: Jérôme Leleu; Contributed OAuth support; admirably active on lists, in the project
    46. CAS + Shib = happy: CAS for flexible single sign-on experience (Spring Web Flow!); Shibboleth IdP for rigorous SAML2 and Federation; Better implementation of this at: https://github.com/Unicon/shib-cas-authenticator; Presentation later in conference
    47. phpCAS client library release: Much better handling of proxy CAS (n-tier delegated authentication) features
    48. Summary: Active project; Continued maturity; Gently pulling successful extensions into the core product
    49. Questions? Discussion?
    50. Contact information: Andrew Petro; apetro@unicon.net; http://www.unicon.net/blog/apetro; http://www.unicon.net/contact
    51. Lunch: Atlanta Ballroom, 7th floor
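
Slide 27 describes LPPE turning an opaque Active Directory bind failure into an account status the login UI can show. The sketch below is an added example, not code from the talk or from CAS/LPPE: the class, enum and method names are hypothetical, the sample messages are constructed, and the table holds the commonly documented AD sub-codes for LDAP error 49.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration (not CAS or LPPE source): classify an Active Directory bind failure. */
public class AdBindErrorDemo {

    enum AccountStatus { BAD_CREDENTIALS, LOGON_RESTRICTED, PASSWORD_EXPIRED, ACCOUNT_DISABLED,
                         ACCOUNT_EXPIRED, MUST_CHANGE_PASSWORD, ACCOUNT_LOCKED, UNKNOWN }

    // AD puts the reason in a hex sub-code after "data" in its LDAP error 49 text.
    private static final Pattern SUB_CODE = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");
    private static final Map<String, AccountStatus> CODES = new HashMap<>();
    static {
        // 525 (no such user) and 52e (wrong password) deliberately share one status,
        // so the login page does not reveal which usernames exist.
        CODES.put("525", AccountStatus.BAD_CREDENTIALS);
        CODES.put("52e", AccountStatus.BAD_CREDENTIALS);
        CODES.put("530", AccountStatus.LOGON_RESTRICTED);     // not permitted at this time
        CODES.put("531", AccountStatus.LOGON_RESTRICTED);     // not permitted from this workstation
        CODES.put("532", AccountStatus.PASSWORD_EXPIRED);
        CODES.put("533", AccountStatus.ACCOUNT_DISABLED);
        CODES.put("701", AccountStatus.ACCOUNT_EXPIRED);
        CODES.put("773", AccountStatus.MUST_CHANGE_PASSWORD);
        CODES.put("775", AccountStatus.ACCOUNT_LOCKED);
    }

    /** Returns UNKNOWN for anything unrecognised, so callers fall back to a generic error. */
    static AccountStatus classify(String ldapMessage) {
        if (ldapMessage == null) return AccountStatus.UNKNOWN;
        Matcher m = SUB_CODE.matcher(ldapMessage);
        if (!m.find()) return AccountStatus.UNKNOWN;
        return CODES.getOrDefault(m.group(1).toLowerCase(), AccountStatus.UNKNOWN);
    }

    public static void main(String[] args) {
        // Constructed sample messages in the shape AD returns for a failed simple bind.
        String prefix = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                      + "comment: AcceptSecurityContext error, data ";
        String[] samples = { prefix + "775, v1db1]", prefix + "52e, v1db1]",
                             prefix + "532, v1db1]", "[LDAP: error code 32 - No Such Object]" };
        for (String s : samples) {
            System.out.println(classify(s) + " <- " + s);
        }
    }
}
```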
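
Slide 38 pairs a hard timeout with a sliding idle window for the SSO session. The model below is an added example, not CAS source: it replays session activity to show which limit ends the session, and in particular that the hard timeout bounds a session that is kept continuously active. The `Policy` class, its field names and the 8 h / 2 h values are assumptions for illustration.

```java
/** Added illustration (not CAS source): SSO session with a hard cap plus a sliding idle window. */
public class SsoSessionExpiryDemo {

    static final class Policy {
        final long hardTimeoutSeconds;  // maximum session age; activity never extends it
        final long idleTimeoutSeconds;  // window that slides forward on every use

        Policy(long hardTimeoutSeconds, long idleTimeoutSeconds) {
            this.hardTimeoutSeconds = hardTimeoutSeconds;
            this.idleTimeoutSeconds = idleTimeoutSeconds;
        }

        /** All arguments are seconds on the same clock. */
        boolean isExpired(long createdAt, long lastUsedAt, long now) {
            return now - createdAt >= hardTimeoutSeconds
                || now - lastUsedAt >= idleTimeoutSeconds;
        }

        /**
         * Replays the uses of one session (seconds since login, ascending) and returns
         * the second at which it dies. A use arriving after expiry is rejected and
         * does not revive the session.
         */
        long expiresAt(long[] useTimes) {
            long lastUsed = 0;
            for (long t : useTimes) {
                if (isExpired(0, lastUsed, t)) break;
                lastUsed = t;
            }
            return Math.min(hardTimeoutSeconds, lastUsed + idleTimeoutSeconds);
        }
    }

    public static void main(String[] args) {
        Policy policy = new Policy(8 * 3600, 2 * 3600);  // assumed values: 8 h hard, 2 h idle

        long[] abandoned = { 1800 };                     // one use at 0:30, then nothing
        long[] hourly = { 3600, 7200, 10800, 14400, 18000, 21600, 25200, 28800, 32400 };
        long[] lateReturn = { 3600, 14400 };             // second use after a 3 h gap

        System.out.println("abandoned:  " + policy.expiresAt(abandoned));   // idle window ends it
        System.out.println("hourly use: " + policy.expiresAt(hourly));      // hard cap ends it
        System.out.println("late use:   " + policy.expiresAt(lateReturn));  // first idle lapse ends it
    }
}
```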