CAS 6.1.0 RC1 Feature Release

The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

The official CAS 6.0.0 GA was released on December 28th, 2018. Since then, the project has been moving forward with development of the next feature release that is tagged as 6.1.0. Please review the release policy to learn more about the scope of the release. This post intends to highlight some of the improvements and enhancements packed into the first release candidate in the 6.1.0 series.

Shake Well Before Use

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is simply a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

In order to start experimenting with release candidates, at any given time, you should be able to append -SNAPSHOT to the CAS version specified in order to take advantage of snapshot builds as changes are made and published.


In the of the overlay, adjust the following setting:

System Requirements
There are no changes to the minimum system/platform requirements for this release.


New & Noteworthy

Hazelcast WAN Replication

Hazelcast WAN replication using static discovery is now supported by CAS.

SAML2 Metadata Management via JSON

SAML2 service provider integrations that do not necessarily provide metadata may be managed dynamically inside a standalone JSON file.

SAML2 Signing Credential Fingerprint

SAML services are given the ability to filter the signing credential used in the metadata by its SHA-1 fingerprint.

SAML2 Attribute Release

SAML2 Attribute Release policies are reorganized to provide distinct policies for both InCommon and REFEDS Research and Scholarship entity categories.

SAML2 Metadata Management

A new endpoint is now exposed that allows one to administer the service provider metadata cache. Minor improvements to the metadata resolution are also in place to ensure metadata cached copies and backup files are maintained correctly.

Git Service Registry

Service registry files can now be managed via Git-backed repositories.

Password Synchronization

Support for password synchronization is now available.

TLS for REST Protocol

REST Protocol is now able to support TLS for client authentication.

SAML1 Validation Actuator Endpoint

SAML1 support presents a new actuator endpoint to output a SAML1 validation payload for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.

SAML2 Response Actuator Endpoint

SAML2 support presents a new actuator endpoint to output a SAML2 response payloads for a given authentication transaction, allowing one to examine what CAS would produce in such attempts.

Delegated Authentication Provisioning

Delegated Authentication gains small measures to handle provisioning tasks for profiles obtained from external identity providers.

Other Stuff

  • A significant migration effort to ensure CAS unit/integration tests are upgraded to use the JUnit 5 framework.
  • The com.unboundid:unboundid-ldapsdk is now included by default when using CAS with LDAP to allow for confirmation of the UnboundIDProvider class as the LDAP connection provider and an alternative to JNDI.
  • REST Authentication can now display warnings as part of the authentication flow.
  • REST Password Management may now support endpoints protected via Basic AuthN.
  • Security of actuator/admin endpoints protected by an IP address can now support regular expressions.
  • A number of Groovy-based components are internally improved to cache and monitor the Groovy script prior to execution.
  • Reduced LOC in favor of Lombok’s annotations such as @Getter, @Setter, etc.
  • Authentication pre/post processing can now be augmented via Groovy scripts.
  • Minor updates to CAS language bundles.
  • The internal Gradle build for the CAS codebase is set to enforce and validate the required Java version automatically before building modules.
  • Acceptable Usage Policy backed by JDBC gains a number of improvements to allow flexible controls over the construction of SQL queries and columns.
  • Internal reorganization of bypass components for multifactor authentication to ensure extensibility.
  • WSFED Protocol is now able to release claims under custom namespaces.
  • Many broken links in the CAS documentation are fixed and automated processes for checking links is now included as part of the CAS build.
  • Delegated authentication for OIDC allows for specifying the response mode and type via CAS settings.
  • Chaining attribute release policies can now control the order and the merging behavior of attributes.

Library Upgrades

  • Hibernate
  • Gradle
  • Azure KeyVault
  • OpenSAML
  • Spring Boot
  • HikariCP
  • Amazon SDK
  • Pac4j
  • JUnit


Get Involved


Big thanks to all who participate in the development of this release to submit patches and contribute improvements. Keep’em coming!

Misagh Moayyed

Related Posts

CAS 6.2.0 RC4 Feature Release which I present an overview of CAS 6.2.0 RC4 release.

CAS 6.2.0 RC3 Feature Release which I present an overview of CAS 6.2.0 RC3 release.

Apereo CAS - Bootiful CAS Client

Easy to use CAS Client

CAS Vulnerability Disclosure

Disclosure of a security issue with the CAS software.

Checking Out Pull Requests Locally

Check out GitHub pull requests as local branches using a simple bash function.

CAS 6.2.0 RC2 Feature Release which I present an overview of CAS 6.2.0 RC2 release.

Apereo CAS - Authentication Handler Resolution

Learn how to resolve and select authentication handlers based on configurable and flexible filtering criteria.

CAS Vulnerability Disclosure

Disclosure of a security issue with the CAS software.

Apereo CAS - SAML2 Metadata Overrides

Learn how to manage SAML2 service provider registrations in CAS and override metadata artifacts on a per-application basis.

Apereo CAS - Managing Configuration Metadata

Learn how to manage CAS configuration and properties using Spring Boot Configuration metadata.