CAS v4

Misagh Moayyed & Jérôme LELEU

ESUP - 5 February 2015

Jérôme LELEU

Technical lead

Chairman

Creator

Level Of Assurance

v3.5

public interface Authentication extends Serializable {

    Principal getPrincipal();

    Date getAuthenticatedDate();

    Map<String, Object> getAttributes();
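}

v4.0

public interface Authentication extends Serializable {

    Principal getPrincipal();

    Date getAuthenticatedDate();

    Map<String, Object> getAttributes();

    // Metadata about the credentials presented at authentication time
    List<CredentialMetaData> getCredentials();

    // Successful results, keyed by authentication handler name
    Map<String, HandlerResult> getSuccesses();

    // Failure causes, keyed by authentication handler name
    Map<String, Class<? extends Exception>> getFailures();
}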

  • AuthenticationManagerImpl
  • CredentialsToPrincipalResolver
  • PolicyBasedAuthenticationManager
  • AuthenticationPolicy
  • PasswordEncoder
  • PrincipalNameTransformer
  • PasswordPolicyConfiguration
  • CredentialsToPrincipalResolver
  • AuthenticationHandler
  • AuthenticationMetaDataPopulator

Modularization

33 MB

23 MB

Back office

cas-management-webapp, managementConfigContext.xml

Protocols

cas-server-support-oauth,

cas-server-support-openid,

cas-server-support-saml,

cas-server-support-pac4j

(v3.5)

(v4.0)

cas-server-webapp-support

New features

/p3/serviceValidate - /p3/proxyValidate (protocol v3)

SLO front-channel (experimental)

Ldaptive

LPPE improvements, expired CASTGC, new docs (http://jasig.github.io/cas/4.0.x/index.html)...

Security

At least one CAS service must be defined

If either of the pgtIOU or PGT fail to be created, CAS validation response should not proceed as if validation was successful.

SimpleTestUserNamePassword

allowedToProxy = false

ClearPass, SecureRandom...
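The pgtIOU/PGT rule from the security list above, sketched as an added example (not CAS source code): when a service asks for a proxy-granting ticket and none can be issued, the validation response is a failure, not a success with the grant silently missing. The class, interface and method names are hypothetical, all ticket values and URLs are constructed, the failure code is taken from the CAS protocol 3.0 specification, and the code assumes Java 16 or later.

```java
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not CAS APIs.
public class FailClosedProxyValidation {

    /** Proxy-granting material that a successful validation must be able to reference. */
    record ProxyGrant(String pgtId, String pgtIou) {}

    /** Stand-in for PGT issuance plus the callback to the service's pgtUrl. */
    interface ProxyGrantIssuer {
        Optional<ProxyGrant> issue(String serviceTicket, String pgtUrl);
    }

    /** Renders the response; never reports success without the grant that was asked for. */
    static String validate(String serviceTicket, String pgtUrl, String user, ProxyGrantIssuer issuer) {
        String pgtIouXml = "";
        if (pgtUrl != null) {
            Optional<ProxyGrant> grant = issuer.issue(serviceTicket, pgtUrl);
            // Fail closed: a missing PGT or pgtIOU turns the whole validation into a failure.
            if (grant.isEmpty() || grant.get().pgtId() == null || grant.get().pgtIou() == null) {
                return failure("INVALID_PROXY_CALLBACK", "Proxy-granting ticket could not be created");
            }
            pgtIouXml = "<cas:proxyGrantingTicket>" + grant.get().pgtIou() + "</cas:proxyGrantingTicket>";
        }
        // Values are not XML-escaped here; a real renderer must escape them.
        return "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">"
             + "<cas:authenticationSuccess><cas:user>" + user + "</cas:user>"
             + pgtIouXml + "</cas:authenticationSuccess></cas:serviceResponse>";
    }

    static String failure(String code, String message) {
        return "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">"
             + "<cas:authenticationFailure code=\"" + code + "\">" + message
             + "</cas:authenticationFailure></cas:serviceResponse>";
    }

    public static void main(String[] args) {
        // Constructed sample values throughout.
        ProxyGrantIssuer working = (st, url) -> Optional.of(new ProxyGrant("PGT-1-sample", "PGTIOU-1-sample"));
        ProxyGrantIssuer broken = (st, url) -> Optional.empty(); // e.g. callback endpoint unreachable
        String callback = "https://app.example.org/pgtCallback";
        System.out.println(validate("ST-1-sample", callback, "jdoe", working)); // success with pgtIOU
        System.out.println(validate("ST-1-sample", callback, "jdoe", broken));  // authenticationFailure
        System.out.println(validate("ST-1-sample", null, "jdoe", broken));      // no proxy requested: success
    }
}
```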

Multifactor authentication

Misagh Moayyed

Questions
