Unicon CAS Update March 2013
Unicon CAS Update
27 March 2013
Bill Thompson • Andrew Petro
Wednesday, March 27, 13
Agenda
1. What is this briefing?
2. Highlights and observations
3. Unicon activities since previous update
4. Intentions
5. Next steps
Welcome to this briefing
• Unicon’s CAS strategy
• Sourcing support for open source software
• Unicon’s “Cooperative” Support
• Thank you to our support subscribers
Introduction: Andrew Petro
• Jasig CAS committer, involved in CAS since before CAS 3
• 7 years with Unicon, most of which in Cooperative Support
• Unicon’s Cooperative Support for CAS technical lead
This session is being recorded.
• Will post after:
• Slides
• Notes blog post with useful hyperlinks
• Slidecast with audio
Observations and Highlights
CAS Server 3.5
• Still the current stable release.
• What you adopt or upgrade to today.
CAS Server 3.5.2 released February 22nd
• Security fixes
• require proxy chain for accessing /cas/clearPass
• handle exception on bad execution ID (looked like a JavaScript injection vulnerability, but isn’t really)
• Improvements:
• OAuth, monitoring, logging
CAS addons
• Free and open source add-ons for CAS server
• Trends towards newer, exploratory features
• https://github.com/Unicon/cas-addons
cas-addons
• JSON, MongoDb Service Registry
• MongoDb Service Registry
• JSON Person Attribute DAO
• JSON CAS ticket validation response
• Stormpath Authentication Handler
• ...
cas-java-clients-addons
• Free and open source add-ons for Java CAS clients (Jasig Java CAS Client, Spring Security, Apache Shiro)
• Trends towards newer, exploratory features
• https://github.com/Unicon/cas-java-clients-addons
Add to your Maven overlay, e.g.
CAS 4
• Roadmap:
• level of assurance capabilities and attendant protocol evolution
• Improved authentication APIs supporting multiple credentials, in part supporting this
• Catch up documented protocol to evident practices
CAS AppSec Working Group
• Public cas-appsec email list
• https://wiki.jasig.org/x/goRmAw
Jasig + Sakai = Apereo
• Jasig (the non-profit context for CAS, uPortal, Bedework, SSP, etc.) consolidated with the Sakai Foundation (the non-profit context for Sakai CLE, etc.)
• New organization named “Apereo”
• http://www.apereo.org/
Jasig-Sakai UnConference
• Held January 14-16th at ASU Polytechnic campus
• discussions including
• review of code towards CAS 4
• local customizations and usages of CAS
• automating 2fa token onboarding
Open Apereo 2013 Conference
• Registration open!
• Early bird until May 3rd
• ~ Sunday June 2nd through Thursday June 6th 2013
• San Diego
Apereo 2013
http://conf2013.apereo.org/schedule
CAS and Shib pre-conference seminar!
Unicon development, contribution, participation in CAS since last Update
What is “Cooperative Development”?
• Sustaining engineering budget under the Cooperative Support for CAS program
• Unicon maintains the supported open source software making it more supportable and valuable to subscribers
• What I tell the team: “Act in the best interests of the subscribers, of the community, and of Unicon”
Maintain CAS Generally and Unicon-led features
• Example: ClearPass enhanced in CAS 3.5.2 to reject bare service tickets (only proxy tickets with a blessed proxy chain allowed)
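The ClearPass rule above, sketched as an added example (not CAS or Unicon code): parse a CAS 2.0 validation response and allow credential release only for a proxy ticket whose full proxy chain is on an allowlist. The hostnames, the allowlist and the function names are assumptions, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Constructed allowlist (assumption): full proxy chains, most recent proxy first,
# in the order the CAS 2.0 <cas:proxies> element lists them.
ALLOWED_CHAINS = {("https://portal.example.edu/proxyCallback",)}

def _response(inner):
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            + inner + "</cas:serviceResponse>")

# Constructed sample responses, not captured from a real server.
BARE_ST = _response("<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                    "</cas:authenticationSuccess>")
BLESSED_PT = _response("<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                       "<cas:proxies><cas:proxy>https://portal.example.edu/proxyCallback"
                       "</cas:proxy></cas:proxies></cas:authenticationSuccess>")
UNKNOWN_PT = BLESSED_PT.replace("portal.example.edu", "other.example.edu")
FAILED = _response('<cas:authenticationFailure code="INVALID_TICKET">'
                   "ticket not recognized</cas:authenticationFailure>")

def parse_validation(xml_text):
    """Return (user, proxy_chain); user is None on failure or malformed XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, ()
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return None, ()
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    proxies = success.findall("cas:proxies/cas:proxy", CAS_NS)
    return (user or None), tuple((p.text or "").strip() for p in proxies)

def may_release_credential(xml_text, allowed=ALLOWED_CHAINS):
    """True only for a validated proxy ticket whose whole chain is allowlisted."""
    user, chain = parse_validation(xml_text)
    if user is None:
        return False   # validation failed or response unparseable
    if not chain:
        return False   # bare service ticket: no proxy chain at all
    return chain in allowed  # exact match on the full chain, not just the last hop

if __name__ == "__main__":
    for name, doc in [("bare ST", BARE_ST), ("blessed PT", BLESSED_PT),
                      ("unknown PT", UNKNOWN_PT), ("failure", FAILED)]:
        print(name, may_release_credential(doc))
```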
Work towards the next CAS features release (CAS 4)
• support custom filters for releasing attributes to a service
• improved message bundle handling (prefer an English message over failure)
• JavaScript file selection power in themes
• richer markup for Login form messages
Innovate on Unicon-led features
• EhCache ticket registry support for bulk ticket retrieval
cas-addons
• cas-addons 1.1
• Events framework
• Assertions convenience class
• cas-addons 1.2
• Register per-service whether login initiates a single sign-on session
cas-java-clients-addons
• Spring Security extension to integrate with ClearPass
• ClearPass proxy ticket validator
unicon-shibboleth-idp-template
• Template Shibboleth IdP
• Demonstrates deferring to CAS for login experience, credentials validation
What this means for you: tactically
• Tighten ClearPass configuration
• Upgrade to CAS 3.5.2
• Continue to look to cas-addons etc. for extra features you might value, such as controlling which services' logins initiate SSO
What this means for you: strategically
• Each CAS release gets a little better
• Glitches and defects are addressed
• Extra features available for adoption out of cas-addons
Intentions for near-term development and participation
What we do
• Maintain CAS 3.5 (current stable recommended release)
• Work towards CAS 4 (next release)
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Explicit requests / votes
• Learn from providing support
• Empathize with your needs and projects
Maintain CAS 3.5
• especially ClearPass and EhCacheTicketRegistry
• Example: default ClearPass to encrypt credentials in cache
• Example: revisit JSP session creation
• Participate in CAS AppSec WG
Maintain client libraries
• Example: more and better ClearPass support in the client libraries
Work towards CAS 4
• CAS protocol update, now with a Working Group
• LPPE evolution beyond LDAP
• Multi-factor authentication support
Facilitate integrations among FLOSS projects
• CAS and Shibboleth IdP integration
• CAS and Grouper integration?
Next Steps
This session is being recorded.
• Will post after:
• Slides
• Notes blog post with useful hyperlinks
• Slidecast with audio
Let’s do this again.
• Next Unicon CAS Update:
• Friday June 28th
• 8:30 am Pacific == 11:30 am Eastern
• This is a date change.
Feedback welcome.
• By all means, please do get in touch.
Reminder to support subscribers:
• You’re welcome and encouraged to get in touch directly if you’d like any of this information contextualized to your specific situation. E.g., does my particular ClearPass configuration need to be updated to require a proxy chain?
• Feedback especially welcome.
Call to action
• Consider attending Open Apereo 2013
• Likely great CAS content, certainly great colleagues to meet with and conversations to be had.
• Kick it off with a pre-conference seminar or two.
Contact Information
• Bill Thompson, Director of Identity and Access Management
• Andrew Petro, Cooperative Support for CAS Technical Lead
(License)
This work is licensed under the Creative Commons Attribution-NonCommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/.
Photo credits
• Personal photos of Jim and Andrew: all rights reserved.
• Microphone: http://www.flickr.com/photos/deanhp/3711222265/ (http://creativecommons.org/licenses/by/2.0/deed.en)
• Cactus: http://www.flickr.com/photos/robertrd/2788387337/ (http://creativecommons.org/licenses/by-nc-nd/2.0/)
• San Diego: http://www.flickr.com/photos/nchill4x4/3430830083/ (http://creativecommons.org/licenses/by-nc-nd/2.0/)
• Sun Flower: http://www.flickr.com/photos/59773274@N00 (http://creativecommons.org/licenses/by/2.0/)