2011-2012 CAS Release Planning
Below is the release planning from August 2011 that led to the 3.5 release in July 2012. Current planning is available on the CAS Roadmap.
CAS 3.5 MINOR Release
Improve Default Ticket Granting Ticket Expiration Policy
Developer: William G. Thompson, Jr. via Cooperative Support and in partnership with Lamar University
JIRA: CAS-1032
CAS 3.4.10 introduced a new ticket expiration policy for ticket granting tickets that provides both a fixed and sliding window. Further background on the development of this policy is available on CAS-1003. The driver for this enhancement is a requirement from Lamar University for better control over the TGT expiration policy. This improvement ensures that TGTs will eventually expire at a fixed time.
ClearPass
Developer: Andrew Petro, Unicon via Cooperative Support
description/proposal TBD
LDAP Password Policy
Developers:
- William G. Thompson, Jr. via Cooperative Support and in partnership with Lamar University
- Andrew P Tillinghast
JIRA: CAS-948
Make LDAP Password Policy a configurable feature and part of the Jasig CAS 3.5 distribution.
EhCacheTicketRegistry
Developers:
JIRA: https://issues.jasig.org/browse/CAS-1076
https://wiki.jasig.org/display/CASUM/EhcacheTicketRegistry
https://groups.google.com/d/topic/jasig-cas-dev/CHnxp4PqSQo/discussion
CAS Service Registry Improvements
Developers: Andrew Petro, Dmitriy Kopylenko, Misagh Moayyed, Unicon via Cooperative Support
See child page CAS Services Registry Improvements for CAS 3.5 for more details.
In summary:
A kinder, gentler, more usable Services Registry with some features that make it more friendly for CAS adopters.
Switch to Apache 2.0 license
Developer: Andrew Petro, Unicon via Cooperative Support
Switch to the Apache 2.0 license rather than the New BSD license, executing on the Transition Process for Existing Projects. This switch would bring the CAS server 3.5 release into compliance with the Jasig Licensing Policy.
Improved skinnability
Developer: Jacob Lichner with support from Andrew Petro
Broad initiative for CAS 3.5 tracked in CAS-1061, with specific JIRA issues for trackable changes to be determined.
All CAS adopters need to skin their CAS instance. Additionally, CAS has a "themes" feature with support for per-service themes. A minor version bump from CAS 3.4.x to 3.5 is an opportunity to incur minor upgrade pain (necessitating adopter changes to their skins) in exchange for worthwhile improvements in the ease, simplicity, and clarity of skinning and skinning features. Working towards the 3.5 release, examine the present state of features and practices for CAS skinning and theming, and how to improve them evolutionarily, consistent with a 3.5 release.
Improvements to be determined, but might include: re-organizing file locations, improving default CSS and JavaScript, pulling in worthwhile JavaScript libraries for a better default experience, care in making it more feasible to skin without modifying JSPs, care in making it easier to use custom JSPs per theme, ...
Upgrade to Spring 3.1 and check all dependent libraries for current versions
Developer: Dmitriy Kopylenko, Unicon via Cooperative Support
Enhance Monitoring and Management Capabilities
Developer: Marvin Addison, Virginia Tech
It would be helpful, particularly for enterprise and HA deployments, to expose Web service and/or JMX monitoring and management facilities for CAS to support common enterprise management and monitoring concerns such as the following:
- Determine number of active CAS sessions.
- Determine number of concurrent CAS sessions for a particular principal.
- Capability to reload/restart important components (e.g. ServiceRegistry).
- Capability to register and unregister services.
- CAS health check target that balances completeness of health evaluation (resource utilization, authentication system health, storage connection health, etc.) with performance.
- Framework for integration with enterprise monitoring tools such as Nagios.
The specific implementation of management and monitoring functionality is second to the requirement that they are fundamentally scriptable and compatible with tooling.
CAS 4.0 MAJOR Release
Refactor Authentication APIs
Developer: Marvin Addison
The present AuthenticationHandler/AuthenticationManager API components have served us well for approximately a decade. With a relatively small amount of engineering effort, we can build on these components to achieve some notable features in an elegant fashion:
- Generic authentication messaging API. The intent is to leverage this API to extend the LPPE work for LDAP handlers to arbitrary authentication backends and provide implementations for RDBMS and X.509 certificates at a minimum.
- Support for salted passwords.
- Multi-factor authentication support.
Refactor SSO Session Management
Developers: ScottS, Marvin Addison
Refactor SSO session management with the following design goals:
- Resolve problems with existing TicketRegistry component design (e.g. deadlocks with JpaTicketRegistry).
- Design for multi-protocol support, including vocabulary changes that are both more general and consistent with terms used in other SSO systems.
The existing design used in https://github.com/Jasig/cas/tree/feature-cas4api would be a natural template for implementation.
Enhance Single Logout Capability
Developer: Marvin Addison
The existing single sign-out/logout (SLO) capability is based on the SAML 1.1 specification and should be updated to conform with the SAML 2 Single Logout Profile (section 4.4 of the SAML2 Profile document). In particular it would be very helpful for HA deployments to be able to use the front channel binding to avoid host affinity issues that arise from the existing back channel communication mechanism.
CAS 5.0 MAJOR Release
This release intends to build upon the API design changes in CAS4 to accomplish multi-protocol support with special emphasis on SAML 2 support.
API Redesign for Multi-Protocol Support
The CAS server API needs to be refactored in both vocabulary and design to provide pluggable support for existing and proposed SSO protocols including the following:
- SAML2
- OAuth
- OpenID
SAML2 Support
Developers: ScottS, Marvin Addison
The CAS server should provide first-class support for the following SAML2 specifications:
- SAML SOAP Binding (integration w/3rd party apps)
- HTTP Redirect Binding (Google Apps)
- HTTP POST Binding (arguably easiest binding to use)
- Web Browser SSO Profile
- Enhanced Client or Proxy (ECP) Profile
- Assertion Query/Request Profile
- Basic Attribute Profile
- Single Logout Profile