The official CAS
5.0.0 GA was released on November 7th 2016. Since then,
the project has been moving forward with development of the next feature release
that is tagged as
5.1.0. This post intends to highlight some of the improvements
and enhancements packed into the fourth release candidate in the
If you are looking for additional info on the previous release candidate, please see this post.
- SAML2 Service Providers
- CAS Demos
- Surrogate Authentication
- SAML2 NameID Qualifiers
- Scripted Attribute Release
- Distributed Tracing
- Encrypted Service Usernames
- Automated Docker Cloud Builds
- Eureka Service Discovery
- Spring Cloud w/ Apache ZooKeeper
- Logging Enhancements
- Spring Boot Administration Server
- Multifactor EntityID Trigger
- Principal ID As Attribute
- Groovy Attribute Value Filters
- Minor Changes
- Library Upgrades
- What’s Next?
- Get Involved
- Das Ende
SAML2 Service Providers
A few more SAML2 service providers are added to this release namely Adobe Cloud, AcademicWorks, Infinite Campus, Slack, Gartner, Zendesk and more.
CAS demos are neatly organized and deployed on Heroku.
The ability to authenticate on behalf of another user, so called Surrogate Authentication, is now included in this release.
SAML2 NameID Qualifiers
SAML2 service definitions are now allowed the option to override the name qualifiers for a given subject’s name id.
Scripted Attribute Release
Scripted attribute release policies are now able to accept an inlined groovy script as well.
CAS embraces Spring Cloud Sleuth which implements a distributed tracing solution for Spring Cloud.
Encrypted Service Usernames
CAS username providers are now able to encrypt the resolved username using the service public key. Applications are expected to decrypt of course using their paired private key.
Automated Docker Cloud Builds
CAS is now taking advantage of Docker Cloud’s automated builds
to auto-publish CAS images for the
latest and all other relevant tagged releases.
Eureka Service Discovery
Thanks to Spring Cloud, CAS provides integration support for Eureka Service Discovery.
Spring Cloud w/ Apache ZooKeeper
More of a documentation enhancement and thanks to community contributions and expertise, the CAS Spring Cloud configuration server is now able to use Apache ZooKeeper as the backend storage service to house CAS settings.
Another documentation improvement, the CAS logging guide introduces a few new sections to explain logging layouts. There is also some verbiage that describes how to integrate CAS logs with Papertrail.
Spring Boot Administration Server
Starting with this release, the actuator endpoints provided by Spring Boot can be managed remotely via the Spring Boot Admin server dashboard.
Multifactor EntityID Trigger
In cases where authentication is delegated to CAS most commonly from a Shibboleth Identity Provider, the
entityId is passed to CAS as an extra request parameter to indicate the service provider. In this release, CAS begins to recognize the
entityId parameter and treat it as a normal
service that is linked to the CAS service registry which can then be assigned different access strategy and multifactor authentication policies.
Principal ID As Attribute
A small enhancement to CAS attribute release policies where now, the principal id itself can be released as a custom attribute of your own choosing on a per-service basis.
Groovy Attribute Value Filters
Attribute values for release policies can now take advantage of Groovy scripts to weed through the released collection dynamically.
Additional docs are now available to explain:
- How to extend the CAS configuration
- How to extend the CAS webflow
- How to design custom triggers for multifactor authentication
- How to design custom authentication strategies
Additionally, common CAS configuration settings that apply to more than one module are given their own dedicated space.
A number of small bug fixes and improvements have been incorporated into this feature release:
- Acceptable Usage Policy is now able to correctly accept and store user decisions.
- Hazelcast ticket registry is now able to properly decode and find encrypted tickets.
- Minor updates to CAS messages bundles for non-english languages.
- Support for configuration of container-managed JDBC connections is added to this release candidate.
- Minor fixes to how OAuth/OpenID Connect tickets are deserialized and stored in JSON-based ticket registries.
- Google Apps integration correctly should handle the
- X509 authentication should correctly route the user back to the login form in cases of authentication failures.
- Google authenticator backed by JDBC should properly create and name databasse tables.
- Minor fixes to OpenID module to ensure views can proper render for ticket validation and other requests.
- Minor fixes to OpenID Connect module to ensure scopes can properly be filtered, and that clients are fully loaded and management via the services management web application.
- MDC logging is now respecting nullable properties of the HTTP request.
- Authy as a multifactor authentication provider gains the ability to specify the country code for the user phone number.
- MFA flows are now able to correctly handle scenarios where authentication produces warnings.
passwordgrant type is now correctly able to issue user profiles.
- Ticket registry cleaner is no longer scheduled as a no-op if it’s disabled in the configuration.
- A regression; CAS should resume supporting the duration syntax (i.e
PT20S) for settings.
- Documentation additions to explain how to generate various signing and encryption keys for CAS manually.
- Apache Tomcat
- Spring Cloud
- AWS SDK
- Spring Boot
The development team is working to make sure the CAS
5.1.0 release is
on schedule. This is the last release candidate in the
5.1.x release and the project will gear up to perform a few more rounds of testing and validation before the official GA release is tagged and made available.
- Start your CAS deployment today. Try out features and share feedback.
- Better yet, contribute patches.
- Review and suggest documentation improvements.
- Review the release schedule and make sure you report your desired feature requests on the project’s issue tracker.
A big hearty thanks to all who participated in the development of this release to submit patches, report issues and suggest improvements. Keep’em coming!