The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.
The official CAS
5.3.0 GA was released on June 29th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as
6.0.0. Note that this is a major release of the CAS software which may present significant changes in architecture, configuration or behavior. Please review the release policy to learn more about the scope of the release.
This post intends to highlight some of the improvements and enhancements packed into the second release candidate in the
You can read about the previous release candidate here.
Shake Well Before Use
We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a
GA release is only going to set you up for unpleasant surprises. A
GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.
In order to start experimenting with release candidates, at any given time, you should be able to append
-SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.
gradle.properties of the overlay, adjust the following setting:
- New & Noteworthy
- Small Stuff
- Library Upgrades
- Get Involved
New & Noteworthy
Work continues to ensure CAS can support and build on top of JDK 11. At this time, a number of supporting libraries that handle code generation, test coverage
and static analysis are not quite ready for JDK 11, and a few more foundational frameworks such as Spring and Spring Boot have yet to be upgraded to a release friendly
to JDK 11. In this release, the JDK requirement continues to stay at
10 with the hopes that said core components would be ready for JDK 11 around the time of
the next release candidate.
Note that this release candidate builds on top of Spring framework
5.1 and Spring Boot
2.1. The upgrade should provide improvements for CAS startup time and be ready in anticipation of the upcoming JDK
The Maven WAR overlay template is now deprecated and moved aside. The reference overlay project simply resides here and is transformed to use the Gradle build tool instead. This is done to reduce maintenance overhead and simplify the deployment strategy while allowing future attempts to make auto-generation of the overlay as comfortable as possible.
A first pass at OAuth2 User-Managed Access is now available. This is very much a rough take and will require some fine-tuning and tweaking in future iterations to fully make it spec-compliant and functional.
Authentication Source Selection
In the event that there is more than one (primary) authentication source defined, CAS is given the ability to present the user with a choice in the login screen to select the appropriate credential source before authenticating. This capability can also be automated using credential predicates if a pattern can formulated and linked to a specific authentication source. This variation here is the less-automated way of selecting an authentication source, taking into account user input directly.
The Forgot your username? scenario is now supported by the CAS password management facility.
OAuth2 Token Management
Specific endpoints are provided as part of CAS monitoring toolkit to manage and revoke OAuth2 access and refresh tokens.
Hazelcast Discovery Strategies
CAS is now able to take advantage of Kubernetes for Hazelcast auto discovery of nodes. Support for discovery strategies based on Docker Swarm is also included and available.
- Expired registered service definitions are now blocked by CAS as always, but are not strictly modified in the service registry as disabled services.
- A ton of improvements to the Travis CI integration tests to ensure performance and compliance. This area continues to improve.
- Release of authentication-level attributes, typically those related to protocols or those captured by metadata populators is now controlled via a central policy.
- Generation of CAS configuration metadata is massaged to take into account enumerations and nested inner classes.
- Delegated authentication now attempts to check for SSO status before handing off the request to a provider.
- REST API authentication using X509 is now capable of TLS client authentication.
- Delegated authentication gains the ability to use path variables for client names instead of query parameters, for identity providers such as Azure.
- CAS documentation integrates with Angolia for its search capabilities.
- SAML2 support in CAS begins to support encrypted attributes as well as name ids.
- Minor bug fixes to database schema handling, log messages, MFA context validation, ticket serialization, and OATH validations.
- CAS OpenID Connect support gains a better handle on logout and session management.
- OAuth2 grant type selection is now enforced for relying parties, etc.
- Kryo for memcached continues to auto-register a few more components, specially with CAS has turned on MFA or delegated authentication.
- Session replication can now be done using a JDBC backend.
- Yaml Service Registry is able to recognize both
- Delegated authentication to SAML identity providers gains a few bug fixes when resolving SP or IdP metadata over URLs. The service provider metadata generated by CAS can now optionally be signed using metadata signing keys.
- Spring Boot
- Spring Security
- Spring Security RSA
- Spring Data
- Spring Session
- Spring Cloud
- Commons Lang
- Commons Configuration
- Amazon AWS
- Google Maps
- UnboundID LDAP
- Apache Tomcat
- Start your CAS deployment today. Try out features and share feedback.
- Better yet, contribute patches.
- Suggest and apply documentation improvements.
Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!