...
Encrypt/Hash the ticket registry as appropriate to avoid people either stealing or tampering with the registry, either in the wire, in memory or on disk. Proposed by Proposals to mitigate security risks under SEC-9.
Proposed by Jérôme LELEU
Done Items
Management App Facelift
The CAS services management webapp is in dire need of attention. Improvements to UI, display of fields as well as support for OAuth services, attribute filters, and other service settings and types would be considered.
...
Support consumption of SAML's Metadata MDUI
Consider the service registry can be augmented to retrieve the MDUI info for a given entityID from the IDP's metadata sources, in cases where CAS is handling authn for a Shib Idp. The Shibboleth-CAS authn plugin is already equipped to pass along the entity id. This task would be to ensure the received entity id can in fact be looked up, MDUI retrieved and consumed, finally rendered on the CAS login page.
Note that the CAS server as of 4.1 has the ability to display a logo and description for each service access in the registry.
Proposed by William G. Thompson, Jr., Misagh Moayyed
Secure release of client credential, PGT and (optionally) CAS attributes
...