This page references all the custom code used in CAS which can be replaced by the appropriate third-party libraries to improve reliability and security.
1) cas-server-support-oauth module
The OAuth server support is done by custom code. A better candidate for handling OAuth server support could be Spring security for OAuth : http://www.springsource.org/spring-security-oauth.
2) cas-server-support-saml module
SAML 1.1 and Google SAML 2 supports as well as SLO requests are made through custom code. They can rather rely on the opensaml library : https://wiki.shibboleth.net/confluence/display/OpenSAML/Home.