...
Proposed by Misagh Moayyed
Authentication Per Service
In some cases, the CAS server may be required to select the authentication scheme at a per-app level, something that may be configured inside the registry. Upon selection, CAS may try to find all handlers that support that scheme and delegate the authn request only to those that claim support.
Proposed by Misagh Moayyed
MFA Support
Extend the existing capabilities of the CAS server to provide authentication flows for MFA. Consider MFA triggers that are per service or per user group. Consider support for MFA providers such as Duo Security and Toopher. For this release, we may simply just end up doing the groundwork, paving the way for future extensions to connect to Duo, etc. Unicon has developed a cas-mfa extension that can be used to inspire ideas and design guidelines.
Consider:
- Trusted devices/browsers
- Tracking metadata about the authn event (e.g. IP, location, browser, device, etc.)
- Risk-based authn and assessment
Proposed by Misagh Moayyed, William G. Thompson, Jr., Jeremy Jeremy, Sean Baker
Java 8 Support
Since JDK 7 has become EOL, an effort should be made to consider building CAS on top of JDK 8. We'll need to take a closer look at our Javadocs and resolve issues that the JDK compiler may complain about, given its much stricter policy around Javadoc generation.
Proposed by Misagh Moayyed
Gradle Build
Allow CAS to be built via Gradle. The current build and release process is very sluggish with Maven, and we could take advantage of Gradle's declarative configuration and daemon to speed things up.
Proposed by Misagh Moayyed
Containerize CAS via Docker
Provide official CAS Docker images as an alternative to the Maven overlay deployments.
Proposed by Misagh Moayyed
OpenID Connect
Deliver OIDC functionality. Focus on the AuthZ Code profile, and then move on to additional config.
Proposed by Jérôme LELEU
JWT/Stormpath AuthN via Pac4j
Implement JWT/Stormpath functionality via Pac4j. Ensure configuration is automatically available. Document.
Proposed by Jérôme LELEU, Misagh Moayyed
SAML2 WebSSO Profile
Implement the SAML2 WebSSO profile for SAML SPs, thereby making CAS a SAML IdP. Ignore all other profiles.
Proposed by Jérôme LELEU, Misagh Moayyed
Front Channel SLO
The existing front-channel SLO feature in CAS4 is still experimental. Improvements could be made in terms of UI or client integration.
...
Proposed by Jérôme LELEU
Done Items
Authentication Per Service
In some cases, the CAS server may be required to select the authentication scheme at a per-app level, something that may be configured inside the registry. Upon selection, CAS may try to find all handlers that support that scheme and delegate the authn request only to those that claim support.
Proposed by Misagh Moayyed
MFA Support
Extend the existing capabilities of the CAS server to provide authentication flows for MFA. Consider MFA triggers that are per service or per user group. Consider support for MFA providers such as Duo Security and Toopher. For this release, we may simply just end up doing the groundwork, paving the way for future extensions to connect to Duo, etc. Unicon has developed a cas-mfa extension that can be used to inspire ideas and design guidelines.
Consider:
- Trusted devices/browsers
- Tracking metadata about the authn event (e.g. IP, location, browser, device, etc.)
- Risk-based authn and assessment
Proposed by Misagh Moayyed, William G. Thompson, Jr., Jeremy Jeremy, Sean Baker
Java 8 Support
Since JDK 7 has become EOL, an effort should be made to consider building CAS on top of JDK 8. We'll need to take a closer look at our Javadocs and resolve issues that the JDK compiler may complain about, given its much stricter policy around Javadoc generation.
Proposed by Misagh Moayyed
Gradle Build
Allow CAS to be built via Gradle. The current build and release process is very sluggish with Maven, and we could take advantage of Gradle's declarative configuration and daemon to speed things up.
Proposed by Misagh Moayyed
Containerize CAS via Docker
Provide official CAS Docker images as an alternative to the Maven overlay deployments.
Proposed by Misagh Moayyed
JWT/Stormpath AuthN via Pac4j
Implement JWT/Stormpath functionality via Pac4j. Ensure configuration is automatically available. Document.
Proposed by Jérôme LELEU, Misagh Moayyed
SAML2 WebSSO Profile
Implement the SAML2 WebSSO profile for SAML SPs, thereby making CAS a SAML IdP. Ignore all other profiles.
Proposed by Jérôme LELEU, Misagh Moayyed