Slideware for public briefing on Unicon's Cooperative Support for CAS Q4 2012 Cooperative Development progress, intentions for Q1 2013, and other observations and highlights about Jasig CAS. http://www.unicon.net/support/cooperative
1. Cooperative Support
for CAS Update
13 December 2012
Bill Thompson • Andrew Petro
Thursday, December 13, 12
2. Agenda
1. What is this briefing?
2. Other highlights and observations
3. Done this quarter
4. Intentions for next quarter
5. Next steps
Thursday, December 13, 12
3. Welcome to this
briefing
• Unicon’s CAS strategy
• Sourcing support for open source software
• Unicon’s “Cooperative” Support
• Thank you to our support subscribers
Thursday, December 13, 12
4. Introduction:
Andrew Petro
• Jasig CAS committer,
involved in CAS since
before CAS 3
• 7 years with Unicon, most
of which in Cooperative
Support
• Unicon’s Cooperative
Support for CAS
technical lead
Thursday, December 13, 12
5. Introduction:
Andrew Petro
• Jasig CAS committer,
involved in CAS since before
CAS 3
• 7 years with Unicon, most of
which in Cooperative
Support
• Unicon’s Cooperative
Support for CAS technical
lead
• Now has an adorable
newborn Samuel!
Thursday, December 13, 12
6. This session is being
recorded.
• Will post after:
• Slides
• Notes blog post with
useful hyperlinks
• Slidecast with audio
Thursday, December 13, 12
8. CAS Server 3.5
• Current stable release. What you adopt or
upgrade to today.
• LDAP password / account policy reflection
(“LPPE”)
• ClearPass included (turned off)
• EhCache Ticket Registry
• OpenID enhancements, OAuth support
Thursday, December 13, 12
9. CAS Server 3.5.1
released October 5th
• Numerous improvements
• Performance
• Monitoring
• Internationalization
• SAML and OAuth
• Prevent open redirects in logout redirect
URL
Thursday, December 13, 12
10. • In service registration, optionally specify a user
attribute to use in place of the traditional CAS
username
Thursday, December 13, 12
11. Per-service usernames
are convenient
• If a service only needs one user attribute (as
its key to go look the user up somewhere
else, say)
• Traditional CAS protocol and clients are
really good at communicating one string
• Some applications not ready to cope with
more complex user attributes model
Thursday, December 13, 12
12. CAS addons
• Free and open source
add-ons for CAS server
• Trends towards newer,
exploratory features
• https://github.com/
Unicon/cas-addons
Thursday, December 13, 12
13. Add to your CAS Maven overlay.
Thursday, December 13, 12
14. cas-addons
• JSON Service Registry
• MongoDb Service Registry
• JSON Person Attribute DAO
• JSON CAS ticket validation response
• Stormpath Authentication Handler
• ...
Thursday, December 13, 12
15. cas-addons 1.0
released - What’s new?
• Spring Security ClearPass support
• Per-service redirect switch
• Stop logins to an application and instead
redirect users to a page explaining why
• Active SSO sessions report
• Better password encoding for matching
against a database ...
Thursday, December 13, 12
16. CAS 4
• Roadmap:
• level of assurance capabilities and
attendant protocol evolution
• Improved authentication APIs supporting
multiple credentials, in part supporting this
• Catch up documented protocol to evident
practices
Thursday, December 13, 12
17. Jasig + Sakai = Apereo
• Jasig (the non-profit context for CAS,
uPortal, Bedework, SSP, etc.) consolidating
with the Sakai Foundation (the non-profit
context for Sakai CLE, etc.)
• New organization named “Apereo”
• http://www.apereo.org/
Thursday, December 13, 12
18. Jasig-Sakai
UnConference
• January 14-16th
• Mesa, Arizona
• https://wiki.jasig.org/x/
CQE_Aw
Thursday, December 13, 12
19. Unicon offering post-un-
conference trainings
• CAS and Shibboleth
training
• Grouper training
• uPortal Platform Training
• Contact Unicon to learn
more.
Thursday, December 13, 12
20. Apereo 2013
Conference
• Save the date!
• Monday June 3rd through
Thursday June 6th 2013
• San Diego
Thursday, December 13, 12
21. Cooperative
Development for CAS
progress in Q4 2012
Thursday, December 13, 12
22. What is “Cooperative
Development”?
• Sustaining engineering budget under the
Cooperative Support for CAS program
• Unicon maintains the supported open
source software making it more
supportable and valuable to subscribers
• What I love to tell the team:
“Act in the best interests of the subscribers, of
the community, and of Unicon”
Thursday, December 13, 12
23. Maintain CAS Generally
• Example: Upgraded Spring dependency to
version 3.1.3
• Example: automated functional tests for
CAS
Thursday, December 13, 12
24. Maintain Unicon-led
features: ClearPass
• Fixed ClearPass pom.xml regarding EhCache
dependency
• Pending pull request to add ClearPass
support to the .NET CAS Client library
• Spring Security add-on adding ClearPass
support
Thursday, December 13, 12
25. Maintain Unicon-led
features: LPPE
• LPPE code quality improvements, attention
to detail
Thursday, December 13, 12
26. Innovate on Services
Registry
• Custom un-enabled service redirect URL
Thursday, December 13, 12
27. Evolutionary feature
improvement
• Example: Password encoder supporting
comparing against salted hashes
Thursday, December 13, 12
28. Evolutionary feature
improvement
• Example: Active SSO session report
Thursday, December 13, 12
29. What this means for
you
• Each CAS release gets a little better
• Glitches and defects are addressed
• (Sorry about the ClearPass + EhCache
thing. Fixed. Again.)
• Extra features available for adoption out of
cas-addons
Thursday, December 13, 12
30. Intentions for
Cooperative Development
for CAS Q1 2013
Thursday, December 13, 12
31. What we do
• Maintain CAS 3.5 (current stable recommended
release)
• Work towards CAS 4 (next release)
• Explore extensions and opportunities
• Responsive to inputs from subscriber experiences
• Explicit requests / votes
• Learn from providing support
• Empathize with your needs and projects
Thursday, December 13, 12
32. Maintain CAS 3.5
• Fix bugs
• Improve documentation as rough edges
encountered
Thursday, December 13, 12
33. Maintain client libraries
• Example: phpCAS could use more and
better logging
• Example: more and better ClearPass support
in the client libraries
Thursday, December 13, 12
34. Work towards CAS 4
• CAS protocol update
• LPPE evolution beyond LDAP
• Multi-factor authentication support
Thursday, December 13, 12
35. Extensions supporting
CAS adopters
• Example: active sessions report
Thursday, December 13, 12
37. This session is being
recorded.
• Will post after:
• Slides
• Notes blog post with
useful hyperlinks
• Slidecast with audio
Thursday, December 13, 12
38. Let’s do this again.
• Next Cooperative
Support for CAS Update:
• March 27th 2013
• 8:30 am Pacific ==
11:30 am Eastern
Thursday, December 13, 12
39. Feedback welcome.
• By all means, please do get in touch.
Thursday, December 13, 12
40. Reminder to support
subscribers:
• You’re welcome encouraged to get in touch
directly if you’d like any of this information
contextualized to your specific situation.
E.g., Should I consider putting my service registry
in MongoDb? Should I use the functional tests
to help verify my specific upgraded CAS
environment?
• Feedback especially welcome.
Thursday, December 13, 12
41. Jasig-Sakai
UnConference
• Tomorrow (Friday
December 14th) is last
day for early bird
registrations!
• January 14-16th **
• Mesa, Arizona
• https://wiki.jasig.org/x/
CQE_Aw
Thursday, December 13, 12
42. Contact Information
• Bill Thompson,
Director of Identity and Access Management
wgthom@unicon.net
• Andrew Petro,
Cooperative Support for CAS Technical Lead
apetro@unicon.net
Thursday, December 13, 12
43. (License)
This work is licensed under the Creative
Commons Attribution-NonCommercial 3.0
United States License. To view a copy of this
license, visit http://creativecommons.org/
licenses/by-nc/3.0/us/.
Thursday, December 13, 12
44. Photo credits
• Personal photos of Bill, Andrew, and Samuel: all rights reserved.
• Microphone:
http://www.flickr.com/photos/deanhp/3711222265/
http://creativecommons.org/licenses/by/2.0/deed.en
• Cactus:
http://www.flickr.com/photos/robertrd/2788387337/
http://creativecommons.org/licenses/by-nc-nd/2.0/
• San Diego:
http://www.flickr.com/photos/nchill4x4/3430830083/
http://creativecommons.org/licenses/by-nc-nd/2.0/
• Spring flower:
http://www.flickr.com/photos/markusram/7035194677/
http://creativecommons.org/licenses/by-nd/2.0/
Thursday, December 13, 12