Post on 10-May-2015
description
Cooperative Support for CAS Update
13 December 2012Bill Thompson • Andrew Petro
Thursday, December 13, 12
Agenda
1. What is this briefing?
2. Other highlights and observations
3. Done this quarter
4. Intentions for next quarter
5. Next steps
Thursday, December 13, 12
Welcome to this briefing
• Unicon’s CAS strategy
• Sourcing support for open source software
• Unicon’s “Cooperative” Support
• Thank you to our support subscribers
Thursday, December 13, 12
Introduction: Andrew Petro
• Jasig CAS committer, involved in CAS since before CAS 3
• 7 years with Unicon, most of which in Cooperative Support
• Unicon’s Cooperative Support for CAS technical lead
Thursday, December 13, 12
Introduction: Andrew Petro
• Jasig CAS committer, involved in CAS since before CAS 3
• 7 years with Unicon, most of which in Cooperative Support
• Unicon’s Cooperative Support for CAS technical lead
• Now has an adorable newborn Samuel!
Thursday, December 13, 12
This session is being recorded.
• Will post after:
• Slides
• Notes blog post with useful hyperlinks
• Slidecast with audio
Thursday, December 13, 12
Observations and Highlights
Thursday, December 13, 12
CAS Server 3.5
• Current stable release. What you adopt or upgrade to today.
• LDAP password / account policy reflection (“LPPE”)
• ClearPass included (turned off)
• EhCache Ticket Registry
• OpenID enhancements, OAuth support
Thursday, December 13, 12
CAS Server 3.5.1 released October 5th
• Numerous improvements
• Performance
• Monitoring
• Internationalization
• SAML and OAuth
• Prevent open redirects in logout redirect URL
Thursday, December 13, 12
• In service registration, optionally specify a user attribute to use in place of the traditional CAS username
Thursday, December 13, 12
Per-service usernames are convenient
• If a service only needs one user attribute (as its key to go look the user up somewhere else, say)
• Traditional CAS protocol and clients are really good at communicating one string
• Some applications not ready to cope with more complex user attributes model
Thursday, December 13, 12
CAS addons
• Free and open source add-ons for CAS server
• Trends towards newer, exploratory features
• https://github.com/Unicon/cas-addons
Thursday, December 13, 12
Add to your CAS Maven overlay.
Thursday, December 13, 12
cas-addons
• JSON Service Registry
• MongoDb Service Registry
• JSON Person Attribute DAO
• JSON CAS ticket validation response
• Stormpath Authentication Handler
• ...
Thursday, December 13, 12
cas-addons 1.0released - What’s new?• Spring Security ClearPass support
• Per-service redirect switch
• Stop logins to an application and instead redirect users to a page explaining why
• Active SSO sessions report
• Better password encoding for matching against a database ...
Thursday, December 13, 12
CAS 4
• Roadmap:
• level of assurance capabilities and attendant protocol evolution
• Improved authentication APIs supporting multiple credentials, in part supporting this
• Catch up documented protocol to evident practices
Thursday, December 13, 12
Jasig + Sakai = Apereo
• Jasig (the non-profit context for CAS, uPortal, Bedework, SSP, etc.) consolidating with the Sakai Foundation (the non-profit context for Sakai CLE, etc.)
• New organization named “Apereo”
• http://www.apereo.org/
Thursday, December 13, 12
Jasig-Sakai UnConference
• January 14-16th
• Mesa, Arizona
• https://wiki.jasig.org/x/CQE_Aw
Thursday, December 13, 12
Unicon offering post-un-conference trainings
• CAS and Shibboleth training
• Grouper training
• uPortal Platform Training
• Contact Unicon to learn more.
Thursday, December 13, 12
Apereo 2013 Conference
• Save the date!
• Monday June 3rd through Thursday June 6th 2013
• San Diego
Thursday, December 13, 12
Cooperative Development for CAS progress in Q4 2012
Thursday, December 13, 12
What is “Cooperative Development”?
• Sustaining engineering budget under the Cooperative Support for CAS program
• Unicon maintains the supported open source software making it more supportable and valuable to subscribers
• What I love to tell the team: “Act in the best interests of the subscribers, of the community, and of Unicon”
Thursday, December 13, 12
Maintain CAS Generally
• Example: Upgraded Spring dependency to version 3.1.3
• Example: automated functional tests for CAS
Thursday, December 13, 12
Maintain Unicon-led features: ClearPass
• Fixed ClearPass pom.xml regarding EhCache dependency
• Pending pull request to add ClearPass support to the .NET CAS Client library
• Spring Security add-on adding ClearPass support
Thursday, December 13, 12
Maintain Unicon-led features: LPPE
• LPPE code quality improvements, attention to detail
Thursday, December 13, 12
Innovate on Services Registry
• Custom un-enabled service redirect URL
Thursday, December 13, 12
Evolutionary feature improvement
• Example: Password encoder supporting comparing against salted hashes
Thursday, December 13, 12
Evolutionary feature improvement
• Example: Active SSO session report
Thursday, December 13, 12
What this means for you
• Each CAS release gets a little better
• Glitches and defects are addressed
• (Sorry about the ClearPass + EhCache thing. Fixed. Again.)
• Extra features available for adoption out of cas-addons
Thursday, December 13, 12
Intentions for Cooperative Development
for CAS Q1 2013
Thursday, December 13, 12
What we do
• Maintain CAS 3.5 (current stable recommended release)
• Work towards CAS 4 (next release)
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Explicit requests / votes
• Learn from providing support
• Empathize with your needs and projects
Thursday, December 13, 12
Maintain CAS 3.5
• Fix bugs
• Improve documentation as rough edges encountered
Thursday, December 13, 12
Maintain client libraries
• Example: phpCAS could use more and better logging
• Example: more and better ClearPass support in the client libraries
Thursday, December 13, 12
Work towards CAS 4
• CAS protocol update
• LPPE evolution beyond LDAP
• Multi-factor authentication support
Thursday, December 13, 12
Extensions supporting CAS adopters
• Example: active sessions report
Thursday, December 13, 12
Next Steps
Thursday, December 13, 12
This session is being recorded.
• Will post after:
• Slides
• Notes blog post with useful hyperlinks
• Slidecast with audio
Thursday, December 13, 12
Let’s do this again.
• Next Cooperative Support for CAS Update:
• March 27th 2013
• 8:30 am Pacific == 11:30 am Eastern
Thursday, December 13, 12
Feedback welcome.
• By all means, please do get in touch.
Thursday, December 13, 12
Reminder to support subscribers:
• You’re welcome encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation. E.g., Should I consider putting my service registry in MongoDb? Should I use the functional tests to help verify my specific upgraded CAS environment?
• Feedback especially welcome.
Thursday, December 13, 12
Jasig-Sakai UnConference
• Tomorrow (Friday December 14th) is last day for early bird registrations!
• January 14-16th **
• Mesa, Arizona
• https://wiki.jasig.org/x/CQE_Aw
Thursday, December 13, 12
Contact Information
• Bill Thompson, Director of Identity and Access Management wgthom@unicon.net
• Andrew Petro, Cooperative Support for CAS Technical Lead apetro@unicon.net
Thursday, December 13, 12
(License)
This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.
Thursday, December 13, 12
Photo credits• Personal photos of Bill, Andrew, and Samuel: all rights reserved.
• Microphone:http://www.flickr.com/photos/deanhp/3711222265/http://creativecommons.org/licenses/by/2.0/deed.en
• Cactus:http://www.flickr.com/photos/robertrd/2788387337/http://creativecommons.org/licenses/by-nc-nd/2.0/
• San Diego:http://www.flickr.com/photos/nchill4x4/3430830083/http://creativecommons.org/licenses/by-nc-nd/2.0/
• Spring flower: http://www.flickr.com/photos/markusram/7035194677/ http://creativecommons.org/licenses/by-nd/2.0/
Thursday, December 13, 12