CAS 6.1.0 RC1 Feature Release


Collaborate
The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

The official CAS 6.0.0 GA was released on December 28th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as 6.1.0. Please review the release policy to learn more about the scope of the release. This post intends to highlight some of the improvements and enhancements packed into the first release candidate in the 6.1.0 series.

Shake Well Before Use

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

In order to start experimenting with release candidates, at any given time, you should be able to append -SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.

Overlay

In the gradle.properties of the overlay, adjust the following setting:

casVersion=6.1.0-RC1
System Requirements
There are no changes to the minimum system/platform requirements for this release.

Changes

New & Noteworthy

Hazelcast WAN Replication

Hazelcast WAN replication using static discovery is now supported by CAS.

SAML2 Metadata Management via JSON

SAML2 service provider integrations that do not necessarily provide metadata may be managed dynamically inside a standalone JSON file.

SAML2 Signing Credential Fingerprint

SAML services are given the ability to filter the signing credential used in the metadata by its SHA-1 fingerprint.

SAML2 Attribute Release

SAML2 Attribute Release policies are reorganized to provide distinct policies for both InCommon and REFEDS Research and Scholarship entity categories.

SAML2 Metadata Management

A new endpoint is now exposed that allows one to administer the service provider metadata cache. Minor improvements to the metadata resolution are also in place to ensure metadata cached copies and backup files are maintained correctly.

Git Service Registry

Service registry files can now be managed via Git-backed repositories.

Password Synchronization

Support for password synchronization is now available.

TLS for REST Protocol

REST Protocol is now able to support TLS for client authentication.

SAML1 Validation Actuator Endpoint

SAML1 support presents a new actuator endpoint to output a SAML1 validation payload for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.

SAML2 Response Actuator Endpoint

SAML2 support presents a new actuator endpoint to output a SAML2 response payloads for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.

Delegated Authentication Provisioning

Delegated Authentication gains small measures to handle provisioning tasks for profiles obtained from external identity providers.

Other Stuff

  • A significant migration effort to ensure CAS unit/integration tests are upgraded to use the JUnit 5 framework.
  • The com.unboundid:unboundid-ldapsdk is now included by default when using CAS with LDAP to allow for confirmation of the UnboundIDProvider class as the LDAP connection provider and an alternative to JNDI.
  • REST Authentication can now display warnings as part of the authentication flow.
  • REST Password Management may now support endpoints protected via Basic AuthN.
  • Security of actuator/admin endpoints protected by an IP address can now support regular expressions.
  • A number of Groovy-based components are internally improved to cache and monitor the Groovy script prior to execution.
  • Reduced LOC in favor of Lombok’s annotations such as @Getter, @Setter, etc.
  • Authentication pre/post processing can now be augmented via Groovy scripts.
  • Minor updates to CAS language bundles.
  • The internal Gradle build for the CAS codebase is set to enforce and validate the required Java version automatically before building modules.
  • Acceptable Usage Policy backed by JDBC gains a number of improvements to allow flexible controls over the construction of SQL queries and columns.
  • Internal reorganization of bypass components for multifactor authentication to ensure extensibility.
  • WSFED Protocol is now able to release claims under custom namespaces.
  • Many broken links in the CAS documentation are fixed and automated processes for checking links is now included as part of the CAS build.
  • Delegated authentication for OIDC allows for specifying the response mode and type via CAS settings.
  • Chaining attribute release policies can now control the order and the merging behavior of attributes.

Library Upgrades

  • Hibernate
  • Gradle
  • Azure KeyVault
  • OpenSAML
  • Spring Boot
  • HikariCP
  • Amazon SDK
  • Pac4j
  • JUnit

Resources

Get Involved

Credits

Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!

Misagh Moayyed

Related Posts

CAS 6.1.0 RC5 Feature Release

...in which I present an overview of CAS 6.1.0 RC5 release.

Apereo CAS - Handling Authentication Webflow Errors with Grace

Learn how to modify Apereo CAS to customize exception handling and produce localized error messages for your deployment.

Apereo CAS - Are We Logged In Yet?

Learn how to modify and extend a CAS deployment to determine whether an SSO session is still valid and tied to a user authentication session.

Apereo CAS - REST API Integrations

Learn how to integrate with CAS using its REST API to authenticate, exchange tickets and get access to user profiles and attributes.

CAS 6.1.0 RC4 Feature Release

...in which I present an overview of CAS 6.1.0 RC4 release.

Apereo CAS - Multifactor Provider Selection

Learn how to configure CAS to integrate with and use multiple multifactor providers at the same time. This post also reveals a few super secret and yet open-source strategies one may use to select appropriate providers for authentication attempts, whether automatically or based on a menu.

Apereo CAS - Dockerized Hazelcast Deployments

Learn how to run CAS backed by a Hazelcast cluster in Docker containers and take advantage of the Hazelcast management center to monitor and observer cluster members.

Apereo CAS - Configuration Security w/ Jasypt

Learn how to secure CAS configuration settings and properties with Jasypt.

CAS 6.1.0 RC3 Feature Release

...in which I present an overview of CAS 6.1.0 RC3 release.

Apereo CAS - Webflow Decorations

Learn how you may decorate the Apereo CAS login webflow to inject data pieces and objects into the processing engine for display purposes, peace on earth and prosperity of all mankind, etc. Mainly, etc.