since before CAS 3 • 7 years with Unicon, most of which in Cooperative Support • Unicon’s Cooperative Support for CAS technical lead Friday, June 28, 13
must have succeeded • Storing more metadata about successful authentications in the SSO session • platform for implementing multifactor / LOA use cases Friday, June 28, 13
to services • Improved handling missing UI messages • JavaScript file selection power in themes • Richer markup for login form messages Friday, June 28, 13
clients (Jasig Java CAS Client, Spring Security, Apache Shiro) • Trends towards newer, exploratory features • https://github.com/ Unicon/cas-java-clients- addons Friday, June 28, 13
2.x version • Adds some basic logout support • Variety of bug fixes and added minor features • Metadata security fix • https://issues.shibboleth.net/jira/issues/? filter=10272 Friday, June 28, 13
fix (fairly significant) • https://wiki.shibboleth.net/confluence/x/ W4FC • 2.5 series has added • Attribute Checking • more Extractors and Resolvers Friday, June 28, 13
What’s new in CAS • Multifactor in CAS and Shibboleth • Node.JS CAS Client • RESTful CAS • Federation across multiple CAS domains • Tracking and terminating SSO sessions in CAS and Shibboleth • Using CAS and Grouper Web Services in .NET (tech demo) • Load balancing CAS... Friday, June 28, 13
adopted by the community • Unicon collaborates to maintain the supported open source software making it more supportable and valuable to subscribers • “Act in the best interests of the subscribers, of the community, and of Unicon” Friday, June 28, 13
assertions for SP • Added support for including: • add-html-head-content.vm • add-html-body-content.vm • Still need to create a “src/main/webapp/WEB-INF/classes/ templates” directory in Shib install directory in which to place those files • Underlying idea for this from Carnegie Mellon University Friday, June 28, 13
for IdP usage stats • Know that omitting NotBefore is now an option for dealing with clumsy SPs • Consider implementing Responsive login UI, with new default as example Friday, June 28, 13
pick up coarse grained RBAC • Interested in multifactor / stronger authentication in CAS? Consider closer involvement • in CAS 4 QA (new Authentication APIs) • in cas-mfa (immediate-term tactical incremental featureset) Friday, June 28, 13
releases • Work towards next releases • Explore extensions and opportunities • Responsive to inputs from subscriber experiences • Explicit requests • Learn from providing support • Empathize with your needs and projects Friday, June 28, 13
to allow Shib 2.x IdP to process client certs at Shib tier rather than in container tier on SOAP calls • It gets old apologizing for the lack of full Tomcat 7 support • Would this work resonate with you, our audience? Friday, June 28, 13
in touch directly if you’d like any of this information contextualized to your specific situation. E.g., Is my particular Shibboleth SP usage affected by the security fix in Shibboleth SP 2.5.2? • Feedback especially welcome. Friday, June 28, 13