Unicon Nov 2014 IAM Briefing


Public briefing from Unicon's IAM team on observations and highlights about Apereo/Jasig CAS, Internet2 Shibboleth, and Internet2 Grouper. Unicon Open Source Support development progress and intentions for the next quarter are also shared. http://www.unicon.net/support


1. Unicon IAM Update: CAS, Shibboleth, Grouper
   • 6 Nov 2014
   • Mike Grady, Misagh Moayyed
   • Audio is via Adobe Connect. There is no phone dial-in.

2. Welcome to this briefing
   • Updates on CAS, Shibboleth and Grouper
   • Unicon contributions to CAS, Shibboleth and Grouper
   • Unicon's Open Source Support
   • Q&A

3. Introduction: Mike Grady
   • IAM, Shibboleth, CAS, SimpleSAMLphp, Internet2 Scalable Privacy
   • 36 years at University of Illinois before Unicon
   • Unicon's Open Source Support for Shibboleth technical lead

4. Introduction: Misagh Moayyed
   • IAM, Shibboleth, CAS, uPortal, uMobile
   • Unicon's Open Source Support for CAS technical lead

5. Guest Speaker: David Langenberg
   • Grouper Developer, Internet2
   • Shibboleth Trainer, InCommon LLC
   • Sr Systems Programmer, University of Chicago

6. Observations and Highlights

7. Past Events
   • Shibboleth Workshop Series: Sept 29-30, 2014, Newark, NJ
   • Internet2 Technology Exchange/Identity Week: Oct 26-30, Indianapolis, IN

8. Upcoming Events
   • Shibboleth Workshop Series: Nov 10-11, 2014, Salt Lake City, UT

9. Community Highlights

10. Emerging Trends
   • MFA via Shib MCB, CAS-MFA, etc
   • MFA management console that meets campus needs
   • User consent bundled in Shibboleth IdP V3; based on uApprove, but can be changed
   • Authorization via groups and Grouper
   • IAM cloud deployments: concerns and caveats
   • Social/External identities for non-core affiliations

11. Highlights About CAS

12. CAS Versions
   • CAS Server 3.5.2.1
   • CAS Server 4.0.0 (5/7/2014) http://lanyrd.com/2014/apereo/sczzxx/
   • CAS Server 4.1.0 (In development)

13. CAS 4.0.0
   • CAS protocol v3; User Attributes
   • Password Policy Enforcement Improvements
   • Secure Service Registry Configuration

14. CAS 4.1 Goodies
   • Login sequence no longer tied to a Java Web Session
   • Auto-configuration of host name in HA environments
   • JSON Service Registry
   • Many more...

15. CAS Client Changes
   • Java CAS Client v3.3.3*
      - Proper parameter encoding
   • .NET CAS Client v1.0.2*
      - Proper parameter encoding
      - Setting for Proxy Callback URL
   * Planned support for CAS Protocol attribute retrieval

16. CAS: Moving Forward
   • CAS v4.1: Discussion ongoing. Join [email protected]
   • CAS AppSec Working Group: https://wiki.jasig.org/display/CAS/CAS+AppSec+Working+Group

17. Highlights About Shibboleth

18. Shibboleth Versions
   • IdP v3 development in progress; https://wiki.shibboleth.net/confluence/display/DEV/IdP3Details
   • Latest versions: IdP v2.4.3*, SP v2.5.3**
   * IdP 2.4.0, 2.4.1, and 2.4.2 have vulnerabilities
   ** The IIS SP requires 2 additional patches to fix OpenSSL (Heartbleed)

19. Identity Provider v3 Alpha3
   https://wiki.shibboleth.net/confluence/display/IDP30/Alpha3+Installation
   • Available as a shell script and a Windows installer
   • Incompatible with previous Alpha releases
   • Ability to upgrade from IdP V2
   • Bundled basic CAS protocol support

20. Multi-Context Broker
   • Note latest release late Sept 2014, version 1.2.1
   • Fixes some bugs, minor enhancements
   • Plug-ins for both Duo and Toopher
   • Analysis of what's needed to work with Shib IdP v3: https://wiki.shibboleth.net/confluence/x/EoEEAQ

21. Highlights About Grouper

22. Grouper v2.2
   http://goo.gl/5LrGAR
   • Released July 10th
   • End-user, friendly UI, security enhancements
   • Loader performance improvements
   • 2.2.1 release planned on Nov 7th
   • Upgrader for existing deployments

23. Highlights About Unicon Participation in CAS, Shibboleth and Grouper

24. Open Source Support
   • Support for open source software as adopted by the community
   • Unicon collaborates to maintain the supported open source software, making it more supportable and valuable to subscribers
   • Act in the best interest of the subscribers, the community, and the project

25. CAS-related progress

26. CAS 4.X Enhancements
   • One cas.properties file for all HA CAS nodes
   • Principal available in the success view
   • Full theme support
   • Upgrade to JDK7
   • CAS-specific SSL trust store for proxy authN

27. cas-addons
   https://github.com/Unicon/cas-addons
   • Latest available release: 1.13 (updates to the Hazelcast client library)
   • Work on CAS Server version 4.X compatible modules has begun: https://github.com/unicon-cas-addons

28. cas-mfa
   https://github.com/Unicon/cas-mfa
   • Support for MFA based on CAS 3.5.2.1*
   • Supported providers such as Duo, Toopher, etc
   • v1.0.0 M6 is available for testing: http://bit.ly/1AjQwEj
   * Support for CAS 4.x is planned

29. Shibboleth-related progress

30. Shib-CAS authenticator v2
   https://github.com/Unicon/shib-cas-authn2
   (Has been updated since our last briefing)
   • v2.0.4
   • Fixes in support for both forced and passive authN
   • Interface added to pass additional user info from CAS to Shib.

31. Other/Ongoing work
   • Hazelcast Session Storage: https://github.com/UniconLabs/shib-hazelcast-storage-service
   • Shib Admin: initialize/manage your relying-parties.xml via a UI. https://github.com/UniconLabs/shib-admin

32. Grouper-related progress

33. GoogleApps Provisioner
   https://github.com/Unicon/googleapps-grouper-provisioner
   • Grouper connector to synchronize Grouper groups and users to Google Apps
   • Fine-grain control over which groups are provisioned
   • Support for admin/update Grouper privileges
   • Can provision Google user accounts.

34. Next Steps

35. What we do
   • Collaborate to maintain current stable recommended releases
   • Work towards next releases
   • Explore extensions and opportunities
   • Responsive to inputs from subscriber experiences
   • Feedback is especially welcome!
   • Learn from providing support
   • Empathize with your needs and projects

36. Questions / Discussion
   • Mike Grady, Support for Shibboleth Technical [email protected]
   • Misagh Moayyed, Support for CAS Technical [email protected]