RC5 Release Notes
We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a
GA release is only going to set
you up for unpleasant surprises. A
GA is a tag and nothing more. Note that CAS
releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain
confidence in a particular release, it is strongly recommended that you start early by experimenting with
release candidates and/or follow-up snapshots.
If you benefit from Apereo CAS as free and open-source software, we invite you to join the Apereo Foundation and financially support the project at a capacity that best suits your deployment. Note that all development activity is performed almost exclusively on a voluntary basis with no expectations, commitments or strings attached. Having the financial means to better sustain engineering activities will allow the developer community to allocate dedicated and committed time for long-term support, maintenance and release planning, especially when it comes to addressing critical and security issues in a timely manner. Funding will ensure support for the software you rely on and you gain an advantage and say in the way Apereo, and the CAS project at that, runs and operates. If you consider your CAS deployment to be a critical part of the identity and access management ecosystem, this is a viable option to consider.
- Start your CAS deployment today. Try out features and share feedback.
- Better yet, contribute patches.
- Suggest and apply documentation improvements.
gradle.properties of the CAS WAR Overlay, adjust the following setting:
There are no changes to the minimum system/platform requirements for this release.
New & Noteworthy
The following items are new improvements and enhancements presented in this release.
Documentation is now available to highlight test processes used by the CAS project and developers/contributors. The newest addition is the availability of functional/browser testing mechanisms that are backed by the Puppeteer framework. The test scenarios that are designed are executed by the CAS continuous integration system and will be improved over time to account for advanced use cases such as ensuring protocol compatibility and other variations of the authentication webflow.
WebAuthN for Primary Authentication
WebAuthn FIDO2 multifactor authentication can now, optionally, act as a standalone factor for primary authentication, for user accounts and devices that have an existing registration record with CAS.
Duo Security Universal Prompt
Support for Duo Security’s Universal Prompt for multifactor authentication is now available.
QR Code Authentication
QR Code authentication is a strategy that allows the user to scan a QR code, generated by the CAS server, using a mobile device and subsequently login after having successfully validated it.
WebAuthN LDAP Repository
WebAuthn FIDO2 multifactor authentication can now, manage and track device registration records inside LDAP directories.
CAS test coverage across all modules in the codebase has now reached
90% and continues to climb. Additional validation rules are also applied to fail all pull requests that fall below this threshold.
- Attribute resolution has gained a new option to force all attribute repositories to produce data and short-circuit the resolution logic if any repository fails to resolve the person details.
- Maven repositories managed by the Spring project are removed from the CAS gradle build.
- Improvements to password management flows to handle invalid tokens more gracefully, and allow password reset with or without single sign-on sessions.
- Releasing attributes with a space in the attribute name, due to misconfiguration, will force CAS to replace the space with
- Loading Kerberos and JAAS configuration files for SPNEGO authentication is changed to use Spring resources for syntax. You may need to ensure paths in the CAS configuration start with the
- Attribute resolution for LDAP has been improved to support fetching and mapping attributes with tags/options.
- All external links found in the CAS documentation are corrected to point to valid resources. Validation processes are also adjusted to prevent bad links.
- MySQL Driver
- MongoDb Driver
- HSQL Driver
- MariaDb Driver
- Apache Tomcat
- Spring Boot
- Thymeleaf Dialect