CAS 6.0.0 RC4 Feature Release


WATCH OUT!
This post is not official yet and may be heavily edited as CAS development makes progress. Watch for further updates.
Collaborate
The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

The official CAS 5.3.0 GA was released on June 29th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as 6.0.0. Note that this is a major release of the CAS software which may present significant changes in architecture, configuration or behavior. Please review the release policy to learn more about the scope of the release.

This post intends to highlight some of the improvements and enhancements packed into the fourth release candidate in the 6.0.0 series.

You can read about the previous release candidate here.

Shake Well Before Use

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

In order to start experimenting with release candidates, at any given time, you should be able to append -SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.

Overlay

In the gradle.properties of the overlay, adjust the following setting:

casVersion=6.0.0-RC4

Changes

New & Noteworthy

Actuator Endpoint Ids

CAS actuator endpoints are named to be more consistent with Spring Boot guidelines, to remove startup warnings and prevents errors in future upgrades to Spring Boot 2.2.x. Previous endpoints that were created using kebab-case identifiers such as spring-webflow are now switched over to use camel-case instead, such as springWebflow.

SMS via Groovy & REST

Sending SMS messages is now also possible via Groovy scripts or a REST API.

Dockerized CAS Overlay

The CAS WAR Overlay is equipped to build Docker images using jib.

Command-line Shell

The CAS Command-line Shell gets a few upgrades to stay compatible with the most recent changes to the build, as well as a few new commands to generate crypto keys or encrypt/sign data, etc.

Service Environments

Each registered application in the registry may be assigned a set of environment names.

reCAPTCHA v3

Support for reCAPTCHA v3 is now added to CAS.

Amazon Cognito Authentication

CAS is able to leverage Amazon Cognito for authentication.

SOAP Authentication

CAS is able to leverage SOAP APIs for authentication.

JDBC Naming Strategy

Additional options are exposed to help remap database virtual table names to logical names either via static settings or Groovy scripts, when database schemas and queries are created. This allows one to translate CAS-provided table names to those that might work better with older or less forgiving database platforms that have restrictions on naming, etc.

Small Stuff

  • Small number of bug fixes to handle authorization correctly for delegated authentication.
  • The configuration settings for Spring Cloud configuration modules for MongoDb, DynamoDb, JDBC, etc should properly be recognized by CAS again.
  • The background job to reload CAS registered service is made conditional to only execute in case a reloadable storage option is registered.
  • A number of additional test cases for AWS S3 functionality.
  • Improvements to the crypto algorithm selection used to generate secure random numbers.
  • CAS configuration can now be recognized via Groovy closures.
  • Security response headers can support all CAS registered service definition types.
  • Minor improvements to database attribute fetching and processing of SQL Array objects.
  • CAS configuration watch can operate on both the configuration directory and the standalone direct configuration file.
  • CAS multifactor authentication via RADIUS gains the ability to enforce a limit on the number of allowed authentication attempts.
  • Secret keys used for various signing and encryption operations can now properly be recognized via CAS settings.
  • SAML2 SLO functionality receives a number of improvements to handle various forms of bindings.

Library Upgrades

  • Spring Boot
  • Spring
  • Gradle
  • Lombok
  • Micrometer
  • Spring Integration
  • Apache Tomcat
  • Person Directory
  • CAS Security Filter
  • Amazon SDK

Resources

Get Involved

Credits

Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!

Misagh Moayyed

Related Posts

Apereo CAS 6.0.x - Building CAS Feature Modules

An overview of how various CAS features modules today can be changed and tested from the perspective of a CAS contributor working on the codebase itself to handle a feature request, bug fix, etc.

CAS 6.0.x Deployment - WAR Overlays

Learn how to configure and build your own CAS deployment via the WAR overlay method, get rich quickly, stay healthy indefinitely and respect family and friends in a few very easy steps.

Apereo CAS - Jib at CAS Docker Images

Learn how you may use Jib, an open-source Java containerizer from Google, and its Gradle plugin to build CAS docker images seamlessly without stepping too deep into scripting Dockerfile commands.

Apereo CAS 6 - Administrative Endpoints & Monitoring

Gain insight into your running Apereo CAS 6 deployment in production. Learn how to monitor and manage the server by using HTTP endpoints and gather metrics to diagnose issues and improve performance.

Apereo CAS - SAML2 Metadata with MongoDb

CAS distributed SAML2 metadata management using MongoDB, where you learn how to store metadata documents inside MongoDB for CAS as a SAML2 identity provider and all other registered SAML2 service providers.

Apereo CAS - Slurp Configuration with Groovy

Learn how CAS configuration may be consumed via Groovy to simplify and consolidate settings for multiple deployment environments and profiles.

Apereo CAS - Configuration Management with MongoDb

CAS distributed configuration management using MongoDb, where you learn how to store and secure CAS configuration settings and properties inside MongoDb.

Apereo CAS - Integration with HashiCorp Vault

CAS distributed configuration management using HashCorp Vault, where you learn how to store and secure CAS configuration settings and properties inside Vault.

CAS 6.0.0 RC3 Feature Release

...in which I present an overview of CAS 6.0.0 RC3 release.

Why you should choose CAS as your SSO system

Discover the true reasons to use CAS