CAS 5.1.0 RC4 Feature Release

The official CAS 5.0.0 GA was released on November 7th 2016. Since then, the project has been moving forward with development of the next feature release that is tagged as 5.1.0. This post intends to highlight some of the improvements and enhancements packed into the fourth release candidate in the 5.1.0 series.

The in-development documentation of CAS 5.1.0 is available here. The release schedule is also available here. The release policy is available here.

If you are looking for additional info on the previous release candidate, please see this post.

SAML2 Service Providers

A few more SAML2 service providers are added to this release namely Adobe Cloud, AcademicWorks, Infinite Campus, Slack, Gartner, Zendesk and more.

CAS Demos

CAS demos are neatly organized and deployed on Heroku.

Surrogate Authentiction

The ability to authenticate on behalf of another user, so called Surrogate Authentication, is now included in this release.

SAML2 NameID Qualifiers

SAML2 service definitions are now allowed the option to override the name qualifiers for a given subject’s name id.

Scripted Attribute Release

Scripted attribute release policies are now able to accept an inlined groovy script as well.

Distributed Tracing

CAS embraces Spring Cloud Sleuth which implements a distributed tracing solution for Spring Cloud.

Encrypted Service Usernames

CAS username providers are now able to encrypt the resolved username using the service public key. Applications are expected to decrypt of course using their paired private key.

Automated Docker Cloud Builds

CAS is now taking advantage of Docker Cloud’s automated builds to auto-publish CAS images for the latest and all other relevant tagged releases.

Eureka Service Discovery

Thanks to Spring Cloud, CAS provides integration support for Eureka Service Discovery.

Spring Cloud w/ Apache ZooKeeper

More of a documentation enhancement and thanks to community contributions and expertise, the CAS Spring Cloud configuration server is now able to use Apache ZooKeeper as the backend storage service to house CAS settings.

Logging Enhancements

Another documentation improvement, the CAS logging guide introduces a few new sections to explain logging layouts. There is also some verbiage that describes how to integrate CAS logs with Papertrail.

Spring Boot Administration Server

Starting with this release, the actuator endpoints provided by Spring Boot can be managed remotely via the Spring Boot Admin server dashboard.

Multifactor EntityID Trigger

In cases where authentication is delegated to CAS most commonly from a Shibboleth Identity Provider, the entityId is passed to CAS as an extra request parameter to indicate the service provider. In this release, CAS begins to recognize the entityId parameter and treat it as a normal service that is linked to the CAS service registry which can then be assigned different access strategy and multifactor authentication policies.

Principal ID As Attribute

A small enhancement to CAS attribute release policies where now, the principal id itself can be released as a custom attribute of your own choosing on a per-service basis.

Groovy Attribute Value Filters

Attribute values for release policies can now take advantage of Groovy scripts to weed through the released collection dynamically.


Additional docs are now available to explain:

Additionally, common CAS configuration settings that apply to more than one module are given their own dedicated space.

Minor Changes

A number of small bug fixes and improvements have been incorporated into this feature release:

Community Contributions

  • Acceptable Usage Policy is now able to correctly accept and store user decisions.
  • Hazelcast ticket registry is now able to properly decode and find encrypted tickets.
  • Minor updates to CAS messages bundles for non-english languages.
  • Support for configuration of container-managed JDBC connections is added to this release candidate.
  • Minor fixes to how OAuth/OpenID Connect tickets are deserialized and stored in JSON-based ticket registries.
  • Google Apps integration correctly should handle the inResponseTo attribute.
  • X509 authentication should correctly route the user back to the login form in cases of authentication failures.
  • Google authenticator backed by JDBC should properly create and name databasse tables.
  • Minor fixes to OpenID module to ensure views can proper render for ticket validation and other requests.
  • Minor fixes to OpenID Connect module to ensure scopes can properly be filtered, and that clients are fully loaded and management via the services management web application.


  • MDC logging is now respecting nullable properties of the HTTP request.
  • Authy as a multifactor authentication provider gains the ability to specify the country code for the user phone number.
  • MFA flows are now able to correctly handle scenarios where authentication produces warnings.
  • OAuth2 password grant type is now correctly able to issue user profiles.
  • Ticket registry cleaner is no longer scheduled as a no-op if it’s disabled in the configuration.
  • A regression; CAS should resume supporting the duration syntax (i.e PT20S) for settings.
  • Documentation additions to explain how to generate various signing and encryption keys for CAS manually.

Library Upgrades

  • Apache Tomcat
  • Spring Cloud
  • Hazelcast
  • Thymeleaf
  • Log4j
  • Spring
  • Hibernate
  • Spring Boot

What’s Next?

The development team is working to make sure the CAS 5.1.0 release is on schedule. This is the last release candidate in the 5.1.x release and the project will gear up to perform a few more rounds of testing and validation before the official GA release is tagged and made available.

Get Involved

  • Start your CAS deployment today. Try out features and share feedback.
  • Better yet, contribute patches.
  • Review and suggest documentation improvements.
  • Review the release schedule and make sure you report your desired feature requests on the project’s issue tracker.

Das Ende

A big hearty thanks to all who participated in the development of this release to submit patches, report issues and suggest improvements. Keep’em coming!

Misagh Moayyed

Related Posts

CAS 6.0.0 RC4 Feature Release which I present an overview of CAS 6.0.0 RC4 release.

Apereo CAS 6.0.x - Building CAS Feature Modules

An overview of how various CAS features modules today can be changed and tested from the perspective of a CAS contributor working on the codebase itself to handle a feature request, bug fix, etc.

CAS 6.0.x Deployment - WAR Overlays

Learn how to configure and build your own CAS deployment via the WAR overlay method, get rich quickly, stay healthy indefinitely and respect family and friends in a few very easy steps.

Apereo CAS - Jib at CAS Docker Images

Learn how you may use Jib, an open-source Java containerizer from Google, and its Gradle plugin to build CAS docker images seamlessly without stepping too deep into scripting Dockerfile commands.

Apereo CAS 6 - Administrative Endpoints & Monitoring

Gain insight into your running Apereo CAS 6 deployment in production. Learn how to monitor and manage the server by using HTTP endpoints and gather metrics to diagnose issues and improve performance.

Apereo CAS - SAML2 Metadata with MongoDb

CAS distributed SAML2 metadata management using MongoDB, where you learn how to store metadata documents inside MongoDB for CAS as a SAML2 identity provider and all other registered SAML2 service providers.

Apereo CAS - Slurp Configuration with Groovy

Learn how CAS configuration may be consumed via Groovy to simplify and consolidate settings for multiple deployment environments and profiles.

Apereo CAS - Configuration Management with MongoDb

CAS distributed configuration management using MongoDb, where you learn how to store and secure CAS configuration settings and properties inside MongoDb.

Apereo CAS - Integration with HashiCorp Vault

CAS distributed configuration management using HashCorp Vault, where you learn how to store and secure CAS configuration settings and properties inside Vault.

CAS 6.0.0 RC3 Feature Release which I present an overview of CAS 6.0.0 RC3 release.