CAS 6.0.0 RC4 Feature Release


Collaborate
The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

The official CAS 5.3.0 GA was released on June 29th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as 6.0.0. Note that this is a major release of the CAS software which may present significant changes in architecture, configuration or behavior. Please review the release policy to learn more about the scope of the release.

This post intends to highlight some of the improvements and enhancements packed into the fourth release candidate in the 6.0.0 series.

You can read about the previous release candidate here.

Shake Well Before Use

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

In order to start experimenting with release candidates, at any given time, you should be able to append -SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.

Overlay

In the gradle.properties of the overlay, adjust the following setting:

casVersion=6.0.0-RC4

Changes

Known Issues

The cas.admin-pages-security.ip property has been renamed to cas.monitor.endpoints.endpoint.defaults.access[0] but due to an issue, a NullPointerException will occur on startup if you use that property (in canonical form or relaxed, etc) rather than pointing at the new property name. Change the property name or don’t use the property in order to avoid the issue.

New & Noteworthy

Actuator Endpoint Ids

CAS actuator endpoints are named to be more consistent with Spring Boot guidelines, to remove startup warnings and prevents errors in future upgrades to Spring Boot 2.2.x. Previous endpoints that were created using kebab-case identifiers such as spring-webflow are now switched over to use camel-case instead, such as springWebflow.

SMS via Groovy & REST

Sending SMS messages is now also possible via Groovy scripts or a REST API.

Dockerized CAS Overlay

The CAS WAR Overlay is equipped to build Docker images using jib.

Command-line Shell

The CAS Command-line Shell gets a few upgrades to stay compatible with the most recent changes to the build, as well as a few new commands to generate crypto keys or encrypt/sign data, etc.

Service Environments

Each registered application in the registry may be assigned a set of environment names.

reCAPTCHA v3

Support for reCAPTCHA v3 is now added to CAS.

Bucket4j Integration

Authentication throttling support can now integrate with Bucket4j to handle capacity throttling for authentication requests.

Amazon Cognito Authentication

CAS is able to leverage Amazon Cognito for authentication.

SOAP Authentication

CAS is able to leverage SOAP APIs for authentication.

JDBC Naming Strategy

Additional options are exposed to help remap database virtual table names to logical names either via static settings or Groovy scripts, when database schemas and queries are created. This allows one to translate CAS-provided table names to those that might work better with older or less forgiving database platforms that have restrictions on naming, etc.

Reviewing consent decisions is now possible using the new consentReview endpoint that acts as a Spring Boot actuator endpoint.

Small Stuff

  • Small number of bug fixes to handle authorization correctly for delegated authentication.
  • The configuration settings for Spring Cloud configuration modules for MongoDb, DynamoDb, JDBC, etc should properly be recognized by CAS again.
  • The background job to reload CAS registered service is made conditional to only execute in case a reloadable storage option is registered.
  • A number of additional test cases for AWS S3 functionality.
  • Improvements to the crypto algorithm selection used to generate secure random numbers.
  • CAS configuration can now be recognized via Groovy closures.
  • Security response headers can support all CAS registered service definition types.
  • Minor improvements to database attribute fetching and processing of SQL Array objects.
  • CAS configuration watch can operate on both the configuration directory and the standalone direct configuration file.
  • CAS multifactor authentication via RADIUS gains the ability to enforce a limit on the number of allowed authentication attempts.
  • Secret keys used for various signing and encryption operations can now properly be recognized via CAS settings.
  • SAML2 SLO functionality receives a number of improvements to handle various forms of bindings.
  • CAS configuration properties that are renamed or moved to a new location should be reported on startup when used.
  • Most if not all custom shell commands used by the CAS overlay are moved into the Gradle build script.
  • Authentication throttling backed by Hazelcast gains its own independant set of properties.

Library Upgrades

  • Spring Boot
  • Spring
  • Gradle
  • Lombok
  • Micrometer
  • Spring Integration
  • Apache Tomcat
  • Person Directory
  • CAS Security Filter
  • Amazon SDK
  • JUnit
  • Nexmo
  • Spring Data

Resources

Get Involved

Credits

Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!

Misagh Moayyed

Related Posts

CAS 6.1.0 RC1 Feature Release

...in which I present an overview of CAS 6.1.0 RC1 release.

CAS 6.1.x Deployment - WAR Overlays

Learn how to configure and build your own CAS deployment via the WAR overlay method, get rich quickly, stay healthy indefinitely and respect family and friends in a few very easy steps.

Apereo CAS - Have you been pawned?

Learn how Apereo CAS may be configured to check for pawned passwords and warn the user, using the haveibeenpawned.com service

Apereo CAS - OohLala Mobile SAML2 Integration

Learn how to integrate OohLala Mobile with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - Cranium Cafe SAML2 Integration

Learn how to integrate Cranium Cafe with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - eLumen SAML2 Integration

Learn how to integrate eLumen with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - Rave SAML2 Integration

Learn how to integrate Rave with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - HireTouch SAML2 Integration

Learn how to integrate HireTouch with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - Microsoft Office 365 SAML2 Integration

Learn how to integrate Microsoft Office 365 with Apereo CAS running as a SAML2 identity provider.

Apereo CAS - HappyFox SAML2 Integration

Learn how to integrate HappyFox with Apereo CAS running as a SAML2 identity provider.