Unicon IAM Update
CAS, Shibboleth, Grouper
13 February 2014
Mike Grady • Misagh Moayyed

Audio is via Adobe Connect.
There is no phone dial-in.
Welcome to this briefing
• Updates on CAS, Shibboleth and Grouper
• Unicon contributions to CAS, Shibboleth and Grouper
• Unicon's Open Source Support
• Thanks, Q&A
Introduction: Mike Grady
• IAM, Shibboleth, CAS, Internet2 Scalable Privacy
• 36 years at University of Illinois before Unicon
• Unicon’s Open Source Support for Shibboleth technical lead
Introduction: Misagh Moayyed
• IAM, Shibboleth, CAS, uPortal, uMobile
• 2 years full time with Unicon
• Unicon’s Open Source Support for CAS technical lead
This session is being recorded.
• Will post after:
  • Slides
  • Slidecast with audio
  • Notes blog post with useful hyperlinks
Observations and
Highlights
Past Events
• Identity Week, November 11-15 2013: REFEDS,
CAMP, ACAMP
Burlingame, CA

• Apereo Camp, January 27-30 2014:
CAS, uPortal, OpenRegistry, Sakai
Mesa, AZ
Upcoming Events
• Shibboleth Workshop Series - March 24-25
Durham, NC

• Internet2 Global Summit - April 6-10
Denver, CO

• Open Apereo 2014 - June 1-4
Miami, FL

• Internet2 Technology Exchange – Oct 26-30
Indianapolis, IN
Highlights
About CAS
CAS4
• RC3 released. To RC4 and beyond...
• APIs to support MFA use cases
• Password policy improvements
• CAS documentation revamp;
See http://jasig.github.io/cas
CAS4 - Documentation
Highlights
About Shibboleth
Shibboleth
• IdP v3 development in progress;
https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
• Community news at http://shibboleth.net/community/news
• Latest versions: IdP v2.4.0, SP v2.5.3
Identity Provider v3
• Release Goals:
• Support extensions (i.e., uApprove) within profiles
• Improve “rough spots” in the API
• V2 protocol interoperable; API-incompatible
https://wiki.shibboleth.net/confluence/display/IDP30/Software+Design
• Q3 Fall 2014 release is planned
Multi-Context Broker

https://github.com/Internet2/Shibboleth-Multi-Context-Broker

• IdP “LoginHandler” to orchestrate among multiple
authentication contexts, including MFA.

• Provide support for InCommon Assurance initiative
• Pluggable authentication modules
• V1.0.0 is now available
Highlights
About Grouper
Grouper v2.2
http://goo.gl/5LrGAR

• Release expected by late Spring
• Services in Grouper
• Ability to write SCIM
• Improved Grouper configuration
• ...and...
New Grouper UI!
http://grouper-ui.uchicago.edu/hifi
Highlights About Unicon
Participation in CAS,
Shibboleth and Grouper
Open Source Support
• Support for open source software as adopted
by the community

• Unicon collaborates to maintain the supported
open source software making it more
supportable and valuable to subscribers

• “Act in the best interests of the subscribers, of the
community, and of Unicon”
CAS-related progress
CAS
• Password policy improvements
• Attributes in the CAS response
cas-addons
• https://github.com/Unicon/cas-addons
• Latest available release: 1.10
• New extensions:
• Hazelcast ticket registry
• Dynamic login view selection
• Request-based ticket expiration policy
• ...
cas-addons HazelcastTicketRegistry
UniconLabs
https://github.com/UniconLabs

• cas-strap
• cas-sso-sessions-report
• service-registry-pattern-tester
• ...
Shibboleth-related
progress
Shib-CAS authenticator v2
• https://github.com/UniconLabs/shib-cas-authn2
• CAS “LoginHandler” for Shibboleth IdP v2.x
• Simpler, externalized configuration
• No context-sharing requirement
• Communicate the “entityId” to CAS
• Currently in BETA status
Shib-CAS authenticator
v2
CAS-Shibboleth: Integration possibilities
• Shib-CAS-authenticator v2 combined with Multi-Context broker?
• CAS attributes to supplement the IdP's authentication context?
• CAS to resolve/release attributes to the IdP?

...reduce duplicate configuration and overhead
Shib-Config-UI
• https://github.com/UniconLabs/shib-config-ui
• Web interface to explore the configuration:
  • What attributes are released to this SP?
  • What is the SSO session length?
• Further UI enhancements and features planned
Future work
• In discussion with developer community to
find more ways to assist

• Finalizing Tomcat7 DTA-SSL
• Particular missing features you need?
Grouper-related
progress
AuthZ Connectors
• Grouper & Apache Shiro
• Grouper & Spring Security
• Grouper & .NET Framework
• Grouper & Person Directory
• Grouper & OAuth w/ CAS
https://spaces.internet2.edu/display/Grouper/Unicon+Grouper+Contributions
More potential
• Additional authZ connectors?
• CAS-SSO for Grouper?
• Grouper & uPortal: Roles and Permissions?
What we do
• Collaborate to maintain current stable recommended releases
• Work towards next releases
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Explicit requests
• Learn from providing support
• Empathize with your needs and projects
Feedback welcome
• Subscribers are welcome and encouraged to get in
touch directly if you’d like any of this
information contextualized to your specific
situation. E.g., Should I upgrade to the next
release of shib-cas-authenticator?

• By all means, do get in touch.
Let’s do this again.
• Next Unicon IAM Update:
  • Thursday June 19th 2014
  • 12 PM MST
Questions / Discussion via Adobe Connect chat?
• Mike Grady, Support for Shibboleth Technical Lead
  mgrady@unicon.net
• Misagh Moayyed, Support for CAS Technical Lead
  mmoayyed@unicon.net
(License)
This work is licensed under the Creative
Commons Attribution-NonCommercial 3.0
United States License. To view a copy of this
license, visit
http://creativecommons.org/licenses/by-nc/3.0/us/.
Photo credits
• Personal photos of Mike, and Misagh: all rights reserved.
• Microphone:
  http://www.flickr.com/photos/deanhp/3711222265/
  http://creativecommons.org/licenses/by/2.0/deed.en

2014 Q4 IAM Open Source Support Program Update

Editor's Notes

  • #3
    Unicon's CAS strategy
    * Participate directly in CAS
    * Develop open source software on behalf of clients
    * Inform maintenance development through support

    You have to source your support somewhere
    * In-house staff
    * Goodwill and engagement of the community
    * Commercial partner (e.g., Unicon)
    * (Reality: often a combination of these)

    Unicon's "Cooperative" Support
    * Cooperates with you, your staff, the community
    * Support experiences yield improved public documentation
    * Support-inspired and subscriber-needs-guided open source maintenance development
    ** Directly in and available for adoption with the Jasig CAS software

    Thank you to our support subscribers!
    * Support subscriptions make Unicon maintenance development possible
    * Support experiences and subscriber input guide Unicon maintenance development towards the worthwhile