CAS

Apereo CAS High-Availability with Hazelcast and Kubernetes

November, 2018 - When it comes to deploying a highly available CAS server, one of the chief concerns is to choose a technology that is capable of sharing CAS-generated tickets across multiple server nodes. The task of managing and administering CAS tickets is handled today by a Ticket Registry component that is backed by a variety of technologies able to persist, manage, and distribute ticket objects across the entire CAS cluster. Perhaps the most popular and better-adopted option in this area is a ticket registry solution backed by Hazelcast.

CAS Server: Interrupt Me, Please!

October, 2018 - Modern CAS (versions 5.2+) has an ability to interrupt authentication flow after primary authentication principal trust has been established. This ability enables CAS to execute an intermediary piece of application logic before continuing to establish Web Single Sign On session and routing requests back to target applications. These intermediary interrupt components are able to implement logic, for example, to present notification messages to the user, provide options for redirects to external services, etc.

Identity and Access Management Semi-Annual OSS Briefing

June, 2017 - The Identity and Access Management (IAM) team completed the first of two Open Source Support Briefings for 2017. This briefing included a collaborative discussion on completed development donated to the IAM open source communities (CAS, Shibboleth, and Grouper) via the OSS program; along with highlights on IAM community events, trends, and activities. The technical presentation suggests recommendations and best practices based on recent development. The briefing wraps up with an open forum allowing for all to engage with their suggestions, ideas, and thoughts on future development.

Unicon IAM Update/Briefing - September 15, 2016

December, 2016 - Unicon’s IAM team had their a quarterly Open Source Support briefing. The host of the webinar was Charise Arrowood (Sr.Director, Identity & Access Management Services), and the presenters were Mike Grady (IAM Architect), Dmitriy Kopylenko (IAM Developer), and John Gasper (IAM Consultant)

Apereo CAS 5 Release Announcement

November, 2016 - The Apereo Foundation has announced the official GA release of CAS 5. This is a major release which is packed with a lot of new features and enhancements, some of which are described here.

Keep Up with IAM Best Practices

Columbia University image

Columbia University

Extending WebSSO to the Cloud

Institutions need the convenience and security of accessing data and collaborating in the cloud. Google Apps for Education is gaining tremendous popularity among higher education institutions as an answer to this need. Columbia University decided on Google Apps, and needed to extend their local proprietary Web single sign-on (WebSSO) system (called WIND) to the cloud.

WebSSO and Federated Identity for the Campus

Julliard Case Study photo
Security and access control are top priorities for today’s CIOs. CIOs need to provide a secure environment for their constituents to collaborate, perform research, and have access to important campus resources and services. A secure cyber infrastructure protects both its users and sensitive information, while allowing users access to resources for collaboration. At the Juilliard School, many different applications needed the convenience of Web single sign-on and federated identity to provide the security and access control the institution required.

LDAP TLS/SSL Config for the Shibboleth IdP Explained

February, 2015 -Many Shibboleth IdP adopters use LDAP as an authentication provider and an attribute source. There is always the question of "do we need to configure TLS/SSL for the IdP's connection to the LDAP server(s)?" My response is "always," because we need to protect the user's credentials even in the most trusted network.

shib-cas-authn3 supports Shib IdP v3.0

January, 2015 - The shib-cas-authn extensions, developed as part of Unicon's Open Source Support program, is used to delegate the Shibboleth IdP's user authentication to a CAS Server. Whether the client application is a CAS client or a Shibboleth/SAML SP, the integration presents the user with a single SSO experience. Today, Unicon's IAM team released the next version of the shib-cas-authn extension.