2012 Q4 Cooperative Support for CAS Update

Cooperative Support for CAS Update

13 December 2012Bill Thompson • Andrew Petro

Thursday, December 13, 12

http://creativecommons.org/licenses/by-nc/3.0/us/deed.en_US

http://creativecommons.org/licenses/by-nc/3.0/us/deed.en_US

Agenda

1. What is this briefing?

2. Other highlights and observations

3. Done this quarter

4. Intentions for next quarter

5. Next steps


Welcome to this briefing

• Unicon’s CAS strategy

• Sourcing support for open source software

• Unicon’s “Cooperative” Support

• Thank you to our support subscribers


Introduction: Andrew Petro

• Jasig CAS committer, involved in CAS since before CAS 3

• 7 years with Unicon, most of which in Cooperative Support

• Unicon’s Cooperative Support for CAS technical lead


Introduction: Andrew Petro

• Jasig CAS committer, involved in CAS since before CAS 3

• 7 years with Unicon, most of which in Cooperative Support

• Unicon’s Cooperative Support for CAS technical lead

• Now has an adorable newborn Samuel!


This session is being recorded.

• Will post after:

• Slides

• Notes blog post with useful hyperlinks

• Slidecast with audio


Observations and Highlights


CAS Server 3.5

• Current stable release. What you adopt or upgrade to today.

• LDAP password / account policy reflection (“LPPE”)

• ClearPass included (turned off)

• EhCache Ticket Registry

• OpenID enhancements, OAuth support


CAS Server 3.5.1 released October 5th

• Numerous improvements

• Performance

• Monitoring

• Internationalization

• SAML and OAuth

• Prevent open redirects in logout redirect URL


• In service registration, optionally specify a user attribute to use in place of the traditional CAS username


Per-service usernames are convenient

• If a service only needs one user attribute (as its key to go look the user up somewhere else, say)

• Traditional CAS protocol and clients are really good at communicating one string

• Some applications not ready to cope with more complex user attributes model


CAS addons

• Free and open source add-ons for CAS server

• Trends towards newer, exploratory features

• https://github.com/Unicon/cas-addons


https://github.com/Unicon/cas-addons




Add to your CAS Maven overlay.


cas-addons

• JSON Service Registry

• MongoDb Service Registry

• JSON Person Attribute DAO

• JSON CAS ticket validation response

• Stormpath Authentication Handler

• ...


cas-addons 1.0released - What’s new?• Spring Security ClearPass support

• Per-service redirect switch

• Stop logins to an application and instead redirect users to a page explaining why

• Active SSO sessions report

• Better password encoding for matching against a database ...


CAS 4

• Roadmap:

• level of assurance capabilities and attendant protocol evolution

• Improved authentication APIs supporting multiple credentials, in part supporting this

• Catch up documented protocol to evident practices


Jasig + Sakai = Apereo

• Jasig (the non-profit context for CAS, uPortal, Bedework, SSP, etc.) consolidating with the Sakai Foundation (the non-profit context for Sakai CLE, etc.)

• New organization named “Apereo”

• http://www.apereo.org/


http://www.apereo.org/

http://www.apereo.org/

Jasig-Sakai UnConference

• January 14-16th

• Mesa, Arizona

• https://wiki.jasig.org/x/CQE_Aw


https://wiki.jasig.org/x/CQE_Aw




Unicon offering post-un-conference trainings

• CAS and Shibboleth training

• Grouper training

• uPortal Platform Training

• Contact Unicon to learn more.


Apereo 2013 Conference

• Save the date!

• Monday June 3rd through Thursday June 6th 2013

• San Diego


Cooperative Development for CAS progress in Q4 2012


What is “Cooperative Development”?

• Sustaining engineering budget under the Cooperative Support for CAS program

• Unicon maintains the supported open source software making it more supportable and valuable to subscribers

• What I love to tell the team: “Act in the best interests of the subscribers, of the community, and of Unicon”


Maintain CAS Generally

• Example: Upgraded Spring dependency to version 3.1.3

• Example: automated functional tests for CAS


Maintain Unicon-led features: ClearPass

• Fixed ClearPass pom.xml regarding EhCache dependency

• Pending pull request to add ClearPass support to the .NET CAS Client library

• Spring Security add-on adding ClearPass support


Maintain Unicon-led features: LPPE

• LPPE code quality improvements, attention to detail


Innovate on Services Registry

• Custom un-enabled service redirect URL


Evolutionary feature improvement

• Example: Password encoder supporting comparing against salted hashes


Evolutionary feature improvement

• Example: Active SSO session report


What this means for you

• Each CAS release gets a little better

• Glitches and defects are addressed

• (Sorry about the ClearPass + EhCache thing. Fixed. Again.)

• Extra features available for adoption out of cas-addons


Intentions for Cooperative Development

for CAS Q1 2013


What we do

• Maintain CAS 3.5 (current stable recommended release)

• Work towards CAS 4 (next release)

• Explore extensions and opportunities

• Responsive to inputs from subscriber experiences

• Explicit requests / votes

• Learn from providing support

• Empathize with your needs and projects


Maintain CAS 3.5

• Fix bugs

• Improve documentation as rough edges encountered


Maintain client libraries

• Example: phpCAS could use more and better logging

• Example: more and better ClearPass support in the client libraries


Work towards CAS 4

• CAS protocol update

• LPPE evolution beyond LDAP

• Multi-factor authentication support


Extensions supporting CAS adopters

• Example: active sessions report


Next Steps


This session is being recorded.

• Will post after:

• Slides

• Notes blog post with useful hyperlinks

• Slidecast with audio


Let’s do this again.

• Next Cooperative Support for CAS Update:

• March 27th 2013

• 8:30 am Pacific == 11:30 am Eastern


Feedback welcome.

• By all means, please do get in touch.


Reminder to support subscribers:

• You’re welcome encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation. E.g., Should I consider putting my service registry in MongoDb? Should I use the functional tests to help verify my specific upgraded CAS environment?

• Feedback especially welcome.


Jasig-Sakai UnConference

• Tomorrow (Friday December 14th) is last day for early bird registrations!

• January 14-16th **

• Mesa, Arizona

• https://wiki.jasig.org/x/CQE_Aw






Contact Information

• Bill Thompson, Director of Identity and Access Management [email protected]

• Andrew Petro, Cooperative Support for CAS Technical Lead [email protected]


mailto:[email protected]




(License)

This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.


Photo credits• Personal photos of Bill, Andrew, and Samuel: all rights reserved.

• Microphone:http://www.flickr.com/photos/deanhp/3711222265/http://creativecommons.org/licenses/by/2.0/deed.en

• Cactus:http://www.flickr.com/photos/robertrd/2788387337/http://creativecommons.org/licenses/by-nc-nd/2.0/

• San Diego:http://www.flickr.com/photos/nchill4x4/3430830083/http://creativecommons.org/licenses/by-nc-nd/2.0/

• Spring flower: http://www.flickr.com/photos/markusram/7035194677/ http://creativecommons.org/licenses/by-nd/2.0/


http://www.flickr.com/photos/deanhp/3711222265/

http://www.flickr.com/photos/deanhp/3711222265/

http://creativecommons.org/licenses/by-nc-nd/2.0/


http://www.flickr.com/photos/robertrd/2788387337/

http://www.flickr.com/photos/robertrd/2788387337/



http://www.flickr.com/photos/nchill4x4/3430830083/

http://www.flickr.com/photos/nchill4x4/3430830083/



http://www.flickr.com/photos/markusram/7035194677/

http://www.flickr.com/photos/markusram/7035194677/

http://creativecommons.org/licenses/by-nd/2.0/

http://creativecommons.org/licenses/by-nd/2.0/

2012 Q4 Cooperative Support for CAS Update

Technology

Transcript of 2012 Q4 Cooperative Support for CAS Update