CAS 6.0 Update: Enhancements and New Features


Explore the latest updates in CAS 6.0, including upgrades to Tomcat and Java JDK, support for OAuth/OIDC protocols, and improved CAS Management features. Learn about changes in environment staging, service registration requirements, and the removal of annual renewal obligations. Discover how CAS Management now allows for revoking SSO sessions and OAuth tokens, along with registering OAuth/OIDC services. Stay informed about the upcoming CAS 6.1 release and its features related to JWT authentication.


Uploaded on Sep 23, 2024



Presentation Transcript


  1. CAS 6.0 Update

  2. Changes in CAS 6.0
     - Tomcat Upgrade: Upgrade from 8.5 to 9.0.17
     - Java JDK Update: Upgrade from JDK 1.8 to JDK 11
     - CAS Dependencies: Spring Boot 2, Spring v5

  3. New Features
     - OAuth/OIDC Protocols Supported
     - Stage Environment
     - Ability to revoke SSO sessions and OAuth Tokens
     - Removed Annual Renewal
     - Stage to Production promotion

  4. Stage Environment
     - New domain stage.cas.ucdavis.edu
     - Same Service Registry as CAS Production
     - Stable, only changes for production deployment
     - Requires service to be registered (No localhost)
     Dev Environment
     - New domain dev.cas.ucdavis.edu
     - Old ssodev.ucdavis.edu will remain.

  5. OAuth/OIDC Protocols
     Supported Flows
     - Auth Code - response_type=code
     - Token/Implicit - response_type=token
     - Resource Owner - grant_type=password
       - Limited use to most likely only departmental accounts
     - Client Credentials - grant_type=client_credentials
       - Useful for machine to machine auth
     - Refresh Tokens
     - OIDC IdToken - response_type=id_token
     https://apereo.github.io/cas/6.0.x/installation/OAuth-OpenId-Authentication.html

  6. JWTs
     - CAS 6.0: Use OIDC IdToken for JWT Authentication
     - CAS 6.1: Will be able to return Access Token as a JWT
       - Checkbox in CAS Management config screen.

  7. Registering OAuth/OIDC Services
     - New /oauth endpoint in CAS Management
     - Requires a service to be registered, does not work with wildcard
     - New services added to "stage" first
     - Once verified, promoted to "production"

  8. CAS Management Updates
     - Revoke TGTs
       - Ability to revoke individual, bulk and all SSO Sessions
       - Revoking TGT will attempt SLO to CAS clients
     - Revoke OAuth Tokens
       - Ability to revoke individual, bulk and all OAuth Tokens
       - Revoking Token will not delete SSO Sessions
     - Use base / context https://casmgr.ucdavis.edu

  9. CAS Management
     - Annual renewal requirement removed
       - New process will monitor last time used
       - After a period of non-use email sent to service owners
       - Logging into service once resets timer
     - Request Service be promoted to production
       - Probably only used for OAuth/OIDC
       - CAS Services can be "staged" and "promoted", but not required

  10. CAS 6.1
     - Late Summer/Early Fall
     - JWT Access Tokens
     - OAuth/OIDC Certified
     - SAML Support
       - CAS handle SAML 2.0 requests
       - CAS Management used to upload and manage metadata
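
The registration rules on slides 4, 5 and 7 (no localhost on stage, no wildcard services for OAuth/OIDC, a fixed set of supported flows) can be expressed as a pre-submission check. This is an added example, not code from the presentation or from CAS Management; the request dictionary, its keys and the `departmental_account` flag are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Flow strings as written on slide 5. The refresh-token entry uses the
# RFC 6749 parameter value, which the slide does not spell out.
SUPPORTED_FLOWS = {
    "response_type=code", "response_type=token", "response_type=id_token",
    "grant_type=password", "grant_type=client_credentials",
    "grant_type=refresh_token",
}
# Glob/regex characters that appear in pattern-style service IDs.
WILDCARD_CHARS = set("*^$(|\\")


def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name


def review_registration(request):
    """Return findings for a stage OAuth/OIDC service request (hypothetical dict shape)."""
    findings = []
    url = request.get("service_url", "")
    # Slide 7: OAuth/OIDC registration does not work with wildcard services.
    if WILDCARD_CHARS & set(url):
        findings.append("wildcard service URL: OAuth/OIDC needs an exact registered service")
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        host = ""
    # Slide 4: stage requires a registered service, no localhost.
    if not host:
        findings.append("service URL has no host")
    elif is_loopback(host):
        findings.append("loopback host: stage requires a registered, non-localhost service")
    for flow in request.get("flows", []):
        if flow not in SUPPORTED_FLOWS:
            findings.append(f"unsupported flow: {flow}")
        elif flow == "grant_type=password" and not request.get("departmental_account"):
            findings.append("grant_type=password: expected only for departmental accounts")
    return findings
```

An empty list means the request is consistent with the rules stated on the slides; each string in a non-empty list names the rule that needs attention before the service is added to "stage".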
