SlideShare ist ein Scribd-Unternehmen logo

What’s new in cas 4.2

Misagh Moayyed
Misagh Moayyed

CAS 4.2 Presentation at ESUP Days in Paris

Technologie
1 von 23
Downloaden Sie, um offline zu lesen
What’s new in CAS 4.2? Jérôme Leleu leleuj@gmail.com @leleuj Misagh Moayyed mmoayyed@unicon.net @misagh84 ESUP-Days #21/ Apereo Europe 2016
General ● 1100+ stargazers @ Github ● A new chairman, 2 new committers, many contributions ○ 1 PR a day Dmitriy Kopylenko Daniel Frett
CAS 4.2 Main Objectives ● Easy to use (Plug-N-Play) ○ You want SAML/OAuth/OpenID? Drop the module dependency into your overlay… ○ ...and done! ● Reduce configuration noise ○ Say NO to XML (well, almost!) ● Universal support (protocols, backends)
Auto-configuration To customize your CAS server (Maven overlay), you needed to (add dependencies and) override XML files: web.xml, login-webflow.xml, ticketGrantingTicketCookieGenerator.xml, ticketRegistry.xml… Now: ● Express Feature Intent (Add dependency, if needed) ● Add Settings (Change cas.properties)
Auto-configuration: CASTGC cookie v4.1: src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml: <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" c:casCookieValueManager-ref="cookieValueManager" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="TGC" p:cookiePath="/cas"/> v4.2: ticketGrantingTicketCookieGenerator.xml @Component("ticketGrantingTicketCookieGenerator") public class TGCCookieRetrievingCookieGenerator extends CookieRetrievingCookieGenerator { @Override @Autowired public void setCookieName(@Value("${tgc.name:TGC}") final String cookieName) { super.setCookieName(cookieName); } cas.properties: # Decides whether SSO cookie should be created only under secure connections. # tgc.secure=true # The name of the SSO cookie # tgc.name=TGC # The path to which the SSO cookie will be scoped # tgc.path=/cas
Auto-configuration: OAuth server support v4.1: cas-server-support-oauth module + servlet mapping on /oauth2.0/* + oauth20WrapperController in cas-servlet.xml + OAuthCallbackAuthorizeService + OAuthRegisteredService v4.2: add the dependency + OAuthRegisteredService @WebListener @Component public class OAuthServletContextListener extends AbstractServletContextInitializer { … @Override protected void initializeServletContext(final ServletContextEvent event) { if (WebUtils.isCasServletInitializing(event)) { addEndpointMappingToCasServlet(event, “/oauth2.0/*”); } } }
pac4j contributions pac4j is a Java security engine which supports most authentication mechanisms (like CAS, OAuth, SAML) and is available for most frameworks: J2E, Spring MVC, Play, Vertx, Ratpack…
pac4j contributions: CASify any webapp Using any pac4j library: j2e-pac4j, spring-webmvc-pac4j, play-pac4j, vertx-pac4j, spring-security-pac4j, buji-pac4j, etc., you can CASsify any J2E, Spring MVC, Play, Vertx, Spring Security, Shiro… webapp @Configuration public class Pac4jConfig { @Bean public Config config() { final CasClient casClient = new CasClient("https://casserverpac4j.herokuapp.com/login"); return new Config("http://localhost:8080/callback", casClient); } } @Configuration @ComponentScan(basePackages = "org.pac4j.springframework.web") public class SecurityConfig extends WebMvcConfigurerAdapter { @Autowired private Config config; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "CasClient")).addPathPatterns("/cas/*"); } }
pac4j contributions: pac4j replaced Spring Security in CAS The security of the CAS server and CAS management web applications is now ensured by pac4j <context:component-scan base-package="org.pac4j.springframework.web" /> <bean id="config" class="org.pac4j.core.config.Config" c:callbackUrl="${cas-management.securityContext.serviceProperties.service}" c:client-ref="casClient" p:authorizer-ref="requireAdminRoleAuthorizer" /> <bean id="casClient" class="org.pac4j.cas.client.CasClient" p:casLoginUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" p:authorizationGenerator-ref="authorizationGenerator" /> <bean id="requireAdminRoleAuthorizer" class="org.pac4j.core.authorization.RequireAnyRoleAuthorizer" c:roles="${cas-management.securityContext.serviceProperties.adminRoles}" /> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <mvc:exclude-mapping path="/callback*" /> <mvc:exclude-mapping path="/logout*" /> <mvc:exclude-mapping path="/authorizationFailure.html" /> <bean class="org.pac4j.springframework.web.RequiresAuthenticationInterceptor" c:config-ref="config" c:clientName="CasClient" c:authorizerName="securityHeaders,csrfToken,RequireAnyRoleAuthorizer" /> </mvc:interceptor> </mvc:interceptors>
pac4j contributions: delegate authentication The cas-server-support-pac4j module handles the authentication delegation ## # Authentication delegation using pac4j # # cas.pac4j.client.authn.typedidused=true # cas.pac4j.facebook.id= # cas.pac4j.facebook.secret= # cas.pac4j.facebook.scope= # cas.pac4j.facebook.fields= # cas.pac4j.twitter.id= # cas.pac4j.twitter.secret= # cas.pac4j.saml.keystorePassword= # cas.pac4j.saml.privateKeyPassword= # cas.pac4j.saml.keystorePath= # cas.pac4j.saml.identityProviderMetadataPath= # cas.pac4j.saml.maximumAuthenticationLifetime= # cas.pac4j.saml.serviceProviderEntityId= # cas.pac4j.saml.serviceProviderMetadataPath= # cas.pac4j.cas.loginUrl= # cas.pac4j.cas.protocol= # cas.pac4j.oidc.id= # cas.pac4j.oidc.secret= # cas.pac4j.oidc.discoveryUri= # cas.pac4j.oidc.useNonce= <bean id="caswrapper1" class="org.pac4j.oauth.client.CasOAuthWrapperClient"> <property name="key" value="this_is_the_key" /> <property name="secret" value="this_is_the_secret" /> <property name="casOAuthUrl" value="http://localhost:8080/cas2/oauth2.0" /> </bean> <bean id="cas1" class="org.pac4j.cas.client.CasClient"> <property name="casLoginUrl" value="http://localhost:8080/cas2/login" /> </bean>
pac4j contributions: use pac4j authenticators The cas-server-integration-pac4j module wraps the pac4j authenticators as CAS authentication handlers: 1. MongoAuthenticationHandler (cas-server-support-mongo) 2. StormpathAuthenticationHandler (cas-server-support-stormpath) 3. TokenAuthenticationHandler (cas-server-support-token)
Build/Packaging: Gradle ● CAS 4.2 uses Gradle as its internal build mechanism ○ Codebase broken down to 86 modules ○ You still use Maven for your CAS overlays. ● Patch releases every month ● Minor releases every 3 months ● SNAPSHOT releases on every change
Build/Packaging: Docker ● CAS Docker images: https://hub.docker.com/r/apereo/cas/ ● Images work with a Maven overlay from a git repo ○ Jetty 9.3.x bundled ○ Java 8 bundled
Authentication ● Delegate AuthN to ADFS/WS-Fed ● Support for ○ Basic AuthN ○ JWT AuthN ○ MongoDb ○ Stormpath ○ Apache Shiro ● JSON as the validation response type ● YubiKey/DuoSecurity (MFA WIP)
Ticket Registry ● Apache Ignite ● Couchbase ● Infinispan Cache ○ Redis ○ Cassandra ○ MongoDb ○ Amazon S3 ○ Rackspace ○ LevelDB
Service Registry ● Couchbase ● MongoDB ● JSON Many core enhancements to the CAS service model, such as authorizations, custom properties, etc.
Services Management Web Application
Services Management Web Application
Authorizations: ABAC ● Support for service-based authorizations based on: ○ User Attributes: “only users with attribute X can access application” ○ Date/Time: “application is only accessible on Fridays between 8-10am” ○ Internet2 Grouper: “only members of this Grouper group are allowed”
Statistics/Reports
Statistics/Reports
Roadmap: CAS 4.3 @ Open Apereo 2016 ● Java 8 ● MFA support ○ Based on DuoSecurity, YubiKey, RSA/Radius ○ Include authN risk-assessment engine ● Better OAuth/OpenID Connect Support ● SAML2 Web.SSO support ● Groovy Management Console ● Cloudy-friendly/Better administrative UIs
Questions/Comments? Jérôme Leleu leleuj@gmail.com @leleuj Misagh Moayyed mmoayyed@unicon.net @misagh84 Docs: https://jasig.github.io/cas

Empfohlen

FOSSASIA 2021 - CAS
FOSSASIA 2021 - CASFOSSASIA 2021 - CAS
FOSSASIA 2021 - CASMisagh Moayyed
 
Apereo CAS 2020 - ESUP Days #31
Apereo CAS 2020 - ESUP Days #31Apereo CAS 2020 - ESUP Days #31
Apereo CAS 2020 - ESUP Days #31Misagh Moayyed
 
Apereo CAS: State of the Project 2018
Apereo CAS: State of the Project 2018Apereo CAS: State of the Project 2018
Apereo CAS: State of the Project 2018Misagh Moayyed
 
Getting Started with CAS
Getting Started with CASGetting Started with CAS
Getting Started with CASMisagh Moayyed
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSJohn Gasper
 
Introduction to vault
Introduction to vaultIntroduction to vault
Introduction to vaultHenrik Høegh
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRailwaymen
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
 

Empfohlen

FOSSASIA 2021 - CAS
FOSSASIA 2021 - CASFOSSASIA 2021 - CAS
FOSSASIA 2021 - CASMisagh Moayyed
 
Apereo CAS 2020 - ESUP Days #31
Apereo CAS 2020 - ESUP Days #31Apereo CAS 2020 - ESUP Days #31
Apereo CAS 2020 - ESUP Days #31Misagh Moayyed
 
Apereo CAS: State of the Project 2018
Apereo CAS: State of the Project 2018Apereo CAS: State of the Project 2018
Apereo CAS: State of the Project 2018Misagh Moayyed
 
Getting Started with CAS
Getting Started with CASGetting Started with CAS
Getting Started with CASMisagh Moayyed
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSJohn Gasper
 
Introduction to vault
Introduction to vaultIntroduction to vault
Introduction to vaultHenrik Høegh
 
RoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRoR Workshop - Web applications hacking - Ruby on Rails example
RoR Workshop - Web applications hacking - Ruby on Rails exampleRailwaymen
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
 
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019Icinga
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!Joerg Henning
 
Let's Encrypt!
Let's Encrypt!Let's Encrypt!
Let's Encrypt!Drew Fustini
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect ProtocolClément OUDOT
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)Igalia
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultMitchell Pronschinske
 
Using the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing toolUsing the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing toolDavid Sweigert
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
Converting you website to https
Converting you website to httpsConverting you website to https
Converting you website to httpsPeter Salerno
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework SecurityCreston Jamison
 
Security Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBANSecurity Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBANFred Posner
 
ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyGabriell Nascimento
 
Common.logging
Common.loggingCommon.logging
Common.loggingLarry Nung
 
SignalR - Building an async web app with .NET
SignalR - Building an async web app with .NETSignalR - Building an async web app with .NET
SignalR - Building an async web app with .NETTomas Jansson
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring SecurityBurt Beckwith
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsCSNP
 
Django deployment with PaaS
Django deployment with PaaSDjango deployment with PaaS
Django deployment with PaaSAppsembler
 
Architectural caching patterns for kubernetes
Architectural caching patterns for kubernetesArchitectural caching patterns for kubernetes
Architectural caching patterns for kubernetesRafał Leszko
 

Weitere ähnliche Inhalte

Was ist angesagt?

hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019Icinga
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect ProtocolClément OUDOT
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)Igalia
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultMitchell Pronschinske
 
Using the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing toolUsing the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing toolDavid Sweigert
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
Converting you website to https
Converting you website to httpsConverting you website to https
Converting you website to httpsPeter Salerno
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework SecurityCreston Jamison
 
Security Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBANSecurity Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBANFred Posner
 
ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyGabriell Nascimento
 
Common.logging
Common.loggingCommon.logging
Common.loggingLarry Nung
 
SignalR - Building an async web app with .NET
SignalR - Building an async web app with .NETSignalR - Building an async web app with .NET
SignalR - Building an async web app with .NETTomas Jansson
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring SecurityBurt Beckwith
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsCSNP
 

Was ist angesagt? (20)

hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
 
Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!
 
Let's Encrypt!
Let's Encrypt!Let's Encrypt!
Let's Encrypt!
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect Protocol
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
 
Using the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing toolUsing the Zed Attack Proxy as a Web App testing tool
Using the Zed Attack Proxy as a Web App testing tool
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET Core
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
 
Converting you website to https
Converting you website to httpsConverting you website to https
Converting you website to https
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
 
Security Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBANSecurity Asterisk or FreePBX with APIBAN
Security Asterisk or FreePBX with APIBAN
 
ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easy
 
Common.logging
Common.loggingCommon.logging
Common.logging
 
SignalR - Building an async web app with .NET
SignalR - Building an async web app with .NETSignalR - Building an async web app with .NET
SignalR - Building an async web app with .NET
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring Security
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven Analytics
 

Ähnlich wie What’s new in cas 4.2

Django deployment with PaaS
Django deployment with PaaSDjango deployment with PaaS
Django deployment with PaaSAppsembler
 
Architectural caching patterns for kubernetes
Architectural caching patterns for kubernetesArchitectural caching patterns for kubernetes
Architectural caching patterns for kubernetesRafał Leszko
 
Deploying windows containers with kubernetes
Deploying windows containers with kubernetesDeploying windows containers with kubernetes
Deploying windows containers with kubernetesBen Hall
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developerPaul Czarkowski
 
Architectural caching patterns for kubernetes
Architectural caching patterns for kubernetesArchitectural caching patterns for kubernetes
Architectural caching patterns for kubernetesRafał Leszko
 
Where is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleWhere is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleRafał Leszko
 
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...Chris Shenton
 
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Codemotion
 
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Codemotion
 
Spring Native and Spring AOT
Spring Native and Spring AOTSpring Native and Spring AOT
Spring Native and Spring AOTVMware Tanzu
 
CGSpace technical overview
CGSpace technical overviewCGSpace technical overview
CGSpace technical overviewILRI
 
Where is my cache? Architectural patterns for caching microservices by example
Where is my cache? Architectural patterns for caching microservices by exampleWhere is my cache? Architectural patterns for caching microservices by example
Where is my cache? Architectural patterns for caching microservices by exampleRafał Leszko
 
FIWARE Wednesday Webinars - Short Term History within Smart Systems
FIWARE Wednesday Webinars - Short Term History within Smart SystemsFIWARE Wednesday Webinars - Short Term History within Smart Systems
FIWARE Wednesday Webinars - Short Term History within Smart SystemsFIWARE
 
Where is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleWhere is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleRafał Leszko
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Joshua Harlow
 
JS digest. November 2017
JS digest. November 2017JS digest. November 2017
JS digest. November 2017ElifTech
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalPatrick Chanezon
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefMatt Ray
 
[jLove 2020] Where is my cache architectural patterns for caching microservi...
[jLove 2020] Where is my cache architectural patterns for caching microservi...[jLove 2020] Where is my cache architectural patterns for caching microservi...
[jLove 2020] Where is my cache architectural patterns for caching microservi...Rafał Leszko
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...javier ramirez
 

Ähnlich wie What’s new in cas 4.2 (20)

Django deployment with PaaS
Django deployment with PaaSDjango deployment with PaaS
Django deployment with PaaS
 
Architectural caching patterns for kubernetes
Architectural caching patterns for kubernetesArchitectural caching patterns for kubernetes
Architectural caching patterns for kubernetes
 
Deploying windows containers with kubernetes
Deploying windows containers with kubernetesDeploying windows containers with kubernetes
Deploying windows containers with kubernetes
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Architectural caching patterns for kubernetes
Architectural caching patterns for kubernetesArchitectural caching patterns for kubernetes
Architectural caching patterns for kubernetes
 
Where is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleWhere is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by example
 
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...
 
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
 
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
Jörg Schad - Hybrid Cloud (Kubernetes, Spark, HDFS, …)-as-a-Service - Codemot...
 
Spring Native and Spring AOT
Spring Native and Spring AOTSpring Native and Spring AOT
Spring Native and Spring AOT
 
CGSpace technical overview
CGSpace technical overviewCGSpace technical overview
CGSpace technical overview
 
Where is my cache? Architectural patterns for caching microservices by example
Where is my cache? Architectural patterns for caching microservices by exampleWhere is my cache? Architectural patterns for caching microservices by example
Where is my cache? Architectural patterns for caching microservices by example
 
FIWARE Wednesday Webinars - Short Term History within Smart Systems
FIWARE Wednesday Webinars - Short Term History within Smart SystemsFIWARE Wednesday Webinars - Short Term History within Smart Systems
FIWARE Wednesday Webinars - Short Term History within Smart Systems
 
Where is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by exampleWhere is my cache architectural patterns for caching microservices by example
Where is my cache architectural patterns for caching microservices by example
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]
 
JS digest. November 2017
JS digest. November 2017JS digest. November 2017
JS digest. November 2017
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - Technical
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 
[jLove 2020] Where is my cache architectural patterns for caching microservi...
[jLove 2020] Where is my cache architectural patterns for caching microservi...[jLove 2020] Where is my cache architectural patterns for caching microservi...
[jLove 2020] Where is my cache architectural patterns for caching microservi...
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
 

Mehr von Misagh Moayyed

Apereo Foundation Fast Interview with CAS Chairman, Misagh Moayyed
Apereo Foundation Fast Interview with CAS Chairman, Misagh MoayyedApereo Foundation Fast Interview with CAS Chairman, Misagh Moayyed
Apereo Foundation Fast Interview with CAS Chairman, Misagh MoayyedMisagh Moayyed
 
Building Open Source Identity Infrastructures
Building Open Source Identity InfrastructuresBuilding Open Source Identity Infrastructures
Building Open Source Identity InfrastructuresMisagh Moayyed
 
Apereo 2017 - Lightening Talk
Apereo 2017 - Lightening TalkApereo 2017 - Lightening Talk
Apereo 2017 - Lightening TalkMisagh Moayyed
 
CAS Project Status 2017
CAS Project Status 2017CAS Project Status 2017
CAS Project Status 2017Misagh Moayyed
 
CAS 5 Apereo Workshop 2017
CAS 5 Apereo Workshop 2017CAS 5 Apereo Workshop 2017
CAS 5 Apereo Workshop 2017Misagh Moayyed
 
Apereo CAS: State of the Project
Apereo CAS: State of the ProjectApereo CAS: State of the Project
Apereo CAS: State of the ProjectMisagh Moayyed
 
CAS State of the Project 2016
CAS State of the Project 2016CAS State of the Project 2016
CAS State of the Project 2016Misagh Moayyed
 
OpenId Connect in Shibboleth Identity Provider
OpenId Connect in Shibboleth Identity ProviderOpenId Connect in Shibboleth Identity Provider
OpenId Connect in Shibboleth Identity ProviderMisagh Moayyed
 
A tale of two factors: MFA with CAS
A tale of two factors: MFA with CASA tale of two factors: MFA with CAS
A tale of two factors: MFA with CASMisagh Moayyed
 
CAS state of the project: Open Apereo 2015
CAS state of the project: Open Apereo 2015CAS state of the project: Open Apereo 2015
CAS state of the project: Open Apereo 2015Misagh Moayyed
 
February 13th, 2014 - Unicon IAM Webinar Update
February 13th, 2014 - Unicon IAM Webinar UpdateFebruary 13th, 2014 - Unicon IAM Webinar Update
February 13th, 2014 - Unicon IAM Webinar UpdateMisagh Moayyed
 

Mehr von Misagh Moayyed (16)

Apereo Foundation Fast Interview with CAS Chairman, Misagh Moayyed
Apereo Foundation Fast Interview with CAS Chairman, Misagh MoayyedApereo Foundation Fast Interview with CAS Chairman, Misagh Moayyed
Apereo Foundation Fast Interview with CAS Chairman, Misagh Moayyed
 
Building Open Source Identity Infrastructures
Building Open Source Identity InfrastructuresBuilding Open Source Identity Infrastructures
Building Open Source Identity Infrastructures
 
Apereo CAS 2019
Apereo CAS 2019Apereo CAS 2019
Apereo CAS 2019
 
Apereo 2017 - Lightening Talk
Apereo 2017 - Lightening TalkApereo 2017 - Lightening Talk
Apereo 2017 - Lightening Talk
 
CAS Project Status 2017
CAS Project Status 2017CAS Project Status 2017
CAS Project Status 2017
 
CAS 5 Apereo Workshop 2017
CAS 5 Apereo Workshop 2017CAS 5 Apereo Workshop 2017
CAS 5 Apereo Workshop 2017
 
Apereo CAS: State of the Project
Apereo CAS: State of the ProjectApereo CAS: State of the Project
Apereo CAS: State of the Project
 
CAS State of the Project 2016
CAS State of the Project 2016CAS State of the Project 2016
CAS State of the Project 2016
 
OpenId Connect in Shibboleth Identity Provider
OpenId Connect in Shibboleth Identity ProviderOpenId Connect in Shibboleth Identity Provider
OpenId Connect in Shibboleth Identity Provider
 
A tale of two factors: MFA with CAS
A tale of two factors: MFA with CASA tale of two factors: MFA with CAS
A tale of two factors: MFA with CAS
 
CAS state of the project: Open Apereo 2015
CAS state of the project: Open Apereo 2015CAS state of the project: Open Apereo 2015
CAS state of the project: Open Apereo 2015
 
CAS MFA 2014 Update
CAS MFA 2014 UpdateCAS MFA 2014 Update
CAS MFA 2014 Update
 
Latest CAS News 2014
Latest CAS News 2014Latest CAS News 2014
Latest CAS News 2014
 
CAS IU Presentation
CAS IU PresentationCAS IU Presentation
CAS IU Presentation
 
Cas iu-pres
Cas iu-presCas iu-pres
Cas iu-pres
 
February 13th, 2014 - Unicon IAM Webinar Update
February 13th, 2014 - Unicon IAM Webinar UpdateFebruary 13th, 2014 - Unicon IAM Webinar Update
February 13th, 2014 - Unicon IAM Webinar Update
 

Kürzlich hochgeladen

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

What’s new in cas 4.2

  • 1. What’s new in CAS 4.2? Jérôme Leleu leleuj@gmail.com @leleuj Misagh Moayyed mmoayyed@unicon.net @misagh84 ESUP-Days #21/ Apereo Europe 2016
  • 2. General ● 1100+ stargazers @ Github ● A new chairman, 2 new committers, many contributions ○ 1 PR a day Dmitriy Kopylenko Daniel Frett
  • 3. CAS 4.2 Main Objectives ● Easy to use (Plug-N-Play) ○ You want SAML/OAuth/OpenID? Drop the module dependency into your overlay… ○ ...and done! ● Reduce configuration noise ○ Say NO to XML (well, almost!) ● Universal support (protocols, backends)
  • 4. Auto-configuration To customize your CAS server (Maven overlay), you needed to (add dependencies and) override XML files: web.xml, login-webflow.xml, ticketGrantingTicketCookieGenerator.xml, ticketRegistry.xml… Now: ● Express Feature Intent (Add dependency, if needed) ● Add Settings (Change cas.properties)
  • 5. Auto-configuration: CASTGC cookie v4.1: src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml: <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" c:casCookieValueManager-ref="cookieValueManager" p:cookieSecure="true" p:cookieMaxAge="-1" p:cookieName="TGC" p:cookiePath="/cas"/> v4.2: ticketGrantingTicketCookieGenerator.xml @Component("ticketGrantingTicketCookieGenerator") public class TGCCookieRetrievingCookieGenerator extends CookieRetrievingCookieGenerator { @Override @Autowired public void setCookieName(@Value("${tgc.name:TGC}") final String cookieName) { super.setCookieName(cookieName); } cas.properties: # Decides whether SSO cookie should be created only under secure connections. # tgc.secure=true # The name of the SSO cookie # tgc.name=TGC # The path to which the SSO cookie will be scoped # tgc.path=/cas
  • 6. Auto-configuration: OAuth server support v4.1: cas-server-support-oauth module + servlet mapping on /oauth2.0/* + oauth20WrapperController in cas-servlet.xml + OAuthCallbackAuthorizeService + OAuthRegisteredService v4.2: add the dependency + OAuthRegisteredService @WebListener @Component public class OAuthServletContextListener extends AbstractServletContextInitializer { … @Override protected void initializeServletContext(final ServletContextEvent event) { if (WebUtils.isCasServletInitializing(event)) { addEndpointMappingToCasServlet(event, “/oauth2.0/*”); } } }
  • 7. pac4j contributions pac4j is a Java security engine which supports most authentication mechanisms (like CAS, OAuth, SAML) and is available for most frameworks: J2E, Spring MVC, Play, Vertx, Ratpack…
  • 8. pac4j contributions: CASify any webapp Using any pac4j library: j2e-pac4j, spring-webmvc-pac4j, play-pac4j, vertx-pac4j, spring-security-pac4j, buji-pac4j, etc., you can CASsify any J2E, Spring MVC, Play, Vertx, Spring Security, Shiro… webapp @Configuration public class Pac4jConfig { @Bean public Config config() { final CasClient casClient = new CasClient("https://casserverpac4j.herokuapp.com/login"); return new Config("http://localhost:8080/callback", casClient); } } @Configuration @ComponentScan(basePackages = "org.pac4j.springframework.web") public class SecurityConfig extends WebMvcConfigurerAdapter { @Autowired private Config config; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new RequiresAuthenticationInterceptor(config, "CasClient")).addPathPatterns("/cas/*"); } }
  • 9. pac4j contributions: pac4j replaced Spring Security in CAS The security of the CAS server and CAS management web applications is now ensured by pac4j <context:component-scan base-package="org.pac4j.springframework.web" /> <bean id="config" class="org.pac4j.core.config.Config" c:callbackUrl="${cas-management.securityContext.serviceProperties.service}" c:client-ref="casClient" p:authorizer-ref="requireAdminRoleAuthorizer" /> <bean id="casClient" class="org.pac4j.cas.client.CasClient" p:casLoginUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" p:authorizationGenerator-ref="authorizationGenerator" /> <bean id="requireAdminRoleAuthorizer" class="org.pac4j.core.authorization.RequireAnyRoleAuthorizer" c:roles="${cas-management.securityContext.serviceProperties.adminRoles}" /> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <mvc:exclude-mapping path="/callback*" /> <mvc:exclude-mapping path="/logout*" /> <mvc:exclude-mapping path="/authorizationFailure.html" /> <bean class="org.pac4j.springframework.web.RequiresAuthenticationInterceptor" c:config-ref="config" c:clientName="CasClient" c:authorizerName="securityHeaders,csrfToken,RequireAnyRoleAuthorizer" /> </mvc:interceptor> </mvc:interceptors>
  • 10. pac4j contributions: delegate authentication The cas-server-support-pac4j module handles the authentication delegation ## # Authentication delegation using pac4j # # cas.pac4j.client.authn.typedidused=true # cas.pac4j.facebook.id= # cas.pac4j.facebook.secret= # cas.pac4j.facebook.scope= # cas.pac4j.facebook.fields= # cas.pac4j.twitter.id= # cas.pac4j.twitter.secret= # cas.pac4j.saml.keystorePassword= # cas.pac4j.saml.privateKeyPassword= # cas.pac4j.saml.keystorePath= # cas.pac4j.saml.identityProviderMetadataPath= # cas.pac4j.saml.maximumAuthenticationLifetime= # cas.pac4j.saml.serviceProviderEntityId= # cas.pac4j.saml.serviceProviderMetadataPath= # cas.pac4j.cas.loginUrl= # cas.pac4j.cas.protocol= # cas.pac4j.oidc.id= # cas.pac4j.oidc.secret= # cas.pac4j.oidc.discoveryUri= # cas.pac4j.oidc.useNonce= <bean id="caswrapper1" class="org.pac4j.oauth.client.CasOAuthWrapperClient"> <property name="key" value="this_is_the_key" /> <property name="secret" value="this_is_the_secret" /> <property name="casOAuthUrl" value="http://localhost:8080/cas2/oauth2.0" /> </bean> <bean id="cas1" class="org.pac4j.cas.client.CasClient"> <property name="casLoginUrl" value="http://localhost:8080/cas2/login" /> </bean>
  • 11. pac4j contributions: use pac4j authenticators The cas-server-integration-pac4j module wraps the pac4j authenticators as CAS authentication handlers: 1. MongoAuthenticationHandler (cas-server-support-mongo) 2. StormpathAuthenticationHandler (cas-server-support-stormpath) 3. TokenAuthenticationHandler (cas-server-support-token)
  • 12. Build/Packaging: Gradle ● CAS 4.2 uses Gradle as its internal build mechanism ○ Codebase broken down to 86 modules ○ You still use Maven for your CAS overlays. ● Patch releases every month ● Minor releases every 3 months ● SNAPSHOT releases on every change
  • 13. Build/Packaging: Docker ● CAS Docker images: https://hub.docker.com/r/apereo/cas/ ● Images work with a Maven overlay from a git repo ○ Jetty 9.3.x bundled ○ Java 8 bundled
  • 14. Authentication ● Delegate AuthN to ADFS/WS-Fed ● Support for ○ Basic AuthN ○ JWT AuthN ○ MongoDb ○ Stormpath ○ Apache Shiro ● JSON as the validation response type ● YubiKey/DuoSecurity (MFA WIP)
  • 15. Ticket Registry ● Apache Ignite ● Couchbase ● Infinispan Cache ○ Redis ○ Cassandra ○ MongoDb ○ Amazon S3 ○ Rackspace ○ LevelDB
  • 16. Service Registry ● Couchbase ● MongoDB ● JSON Many core enhancements to the CAS service model, such as authorizations, custom properties, etc.
  • 17. Services Management Web Application
  • 18. Services Management Web Application
  • 19. Authorizations: ABAC ● Support for service-based authorizations based on: ○ User Attributes: “only users with attribute X can access application” ○ Date/Time: “application is only accessible on Fridays between 8-10am” ○ Internet2 Grouper: “only members of this Grouper group are allowed”
  • 22. Roadmap: CAS 4.3 @ Open Apereo 2016 ● Java 8 ● MFA support ○ Based on DuoSecurity, YubiKey, RSA/Radius ○ Include authN risk-assessment engine ● Better OAuth/OpenID Connect Support ● SAML2 Web.SSO support ● Groovy Management Console ● Cloudy-friendly/Better administrative UIs