The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.
The official CAS 6.0.0 GA was released on December 28th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as 6.1.0. Please review the release policy to learn more about the scope of the release. This post intends to highlight some of the improvements and enhancements packed into the first release candidate in the 6.1.0 series.
Shake Well Before Use
We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.
In order to start experimenting with release candidates, at any given time, you should be able to append -SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.
Overlay
In the gradle.properties of the overlay, adjust the following setting:
casVersion=6.1.0-RC1
There are no changes to the minimum system/platform requirements for this release.
Changes
- New & Noteworthy
- Hazelcast WAN Replication
- SAML2 Metadata Management via JSON
- SAML2 Signing Credential Fingerprint
- SAML2 Attribute Release
- SAML2 Metadata Management
- Git Service Registry
- Password Synchronization
- TLS for REST Protocol
- SAML1 Validation Actuator Endpoint
- SAML2 Response Actuator Endpoint
- Delegated Authentication Provisioning
- Other Stuff
- Library Upgrades
- Resources
- Get Involved
- Credits
New & Noteworthy
Hazelcast WAN Replication
Hazelcast WAN replication using static discovery is now supported by CAS.
SAML2 Metadata Management via JSON
SAML2 service provider integrations that do not necessarily provide metadata may be managed dynamically inside a standalone JSON file.
SAML2 Signing Credential Fingerprint
SAML services are given the ability
to filter the signing credential used in the metadata by its SHA-1 fingerprint.
SAML2 Attribute Release
SAML2 Attribute Release policies are reorganized to provide distinct policies for both InCommon and REFEDS Research and Scholarship entity categories.
SAML2 Metadata Management
A new endpoint is now exposed that allows one to administer the service provider metadata cache. Minor improvements to the metadata resolution are also in place to ensure metadata cached copies and backup files are maintained correctly.
Git Service Registry
Service registry files can now be managed via Git-backed repositories.
Password Synchronization
Support for password synchronization is now available.
TLS for REST Protocol
REST Protocol is now able to support TLS for client authentication.
SAML1 Validation Actuator Endpoint
SAML1 support presents a new actuator endpoint to output a SAML1 validation payload for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.
SAML2 Response Actuator Endpoint
SAML2 support presents a new actuator endpoint to output a SAML2 response payloads for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.
Delegated Authentication Provisioning
Delegated Authentication gains small measures to handle provisioning tasks for profiles obtained from external identity providers.
Other Stuff
- A significant migration effort to ensure CAS unit/integration tests are upgraded to use the JUnit 5 framework.
- The
com.unboundid:unboundid-ldapsdkis now included by default when using CAS with LDAP to allow for confirmation of theUnboundIDProviderclass as the LDAP connection provider and an alternative to JNDI. - REST Authentication can now display warnings as part of the authentication flow.
- REST Password Management may now support endpoints protected via Basic AuthN.
- Security of actuator/admin endpoints protected by an IP address can now support regular expressions.
- A number of Groovy-based components are internally improved to cache and monitor the Groovy script prior to execution.
- Reduced LOC in favor of Lombok’s annotations such as
@Getter,@Setter, etc. - Authentication pre/post processing can now be augmented via Groovy scripts.
- Minor updates to CAS language bundles.
- The internal Gradle build for the CAS codebase is set to enforce and validate the required Java version automatically before building modules.
- Acceptable Usage Policy backed by JDBC gains a number of improvements to allow flexible controls over the construction of SQL queries and columns.
- Internal reorganization of bypass components for multifactor authentication to ensure extensibility.
- WSFED Protocol is now able to release claims under custom namespaces.
- Many broken links in the CAS documentation are fixed and automated processes for checking links is now included as part of the CAS build.
- Delegated authentication for OIDC allows for specifying the response mode and type via CAS settings.
- Chaining attribute release policies can now control the order and the merging behavior of attributes.
Library Upgrades
- Hibernate
- Gradle
- Azure KeyVault
- OpenSAML
- Spring Boot
- HikariCP
- Amazon SDK
- Pac4j
- JUnit
Resources
Get Involved
- Start your CAS deployment today. Try out features and share feedback.
- Better yet, contribute patches.
- Suggest and apply documentation improvements.
Credits
Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!