CAS 5.3 Upgrade

On February 24th, we will upgrade CAS to version 5.3.7. See below for a list of new features and custom changes in the base CAS 5.3.x project.

Check back here for updates relating to this upgrade.

Milestone Dates

Oct 15, 2018 - internal CalNet team testing
Nov 30, 2018 - 5.3.7 deployed to auth-test for campus testing
February 24, 2019 - 5.3.7 deployed to production

New Features in CAS 5.3.7

  • Support for optional browser redirection upon CAS authZ failures
  • Support for automated passphrase synchronization between the MIT Kerberos KDC and the CalNetAD DCs.
  • The SPA webflow now uses base CAS project support for surrogate/impersonated authentication by an authorized admin user. As is the case now, admin users are authorized to impersonate by virtue of being in the SPA group. CAS service definitions can be configured so that the SPA itself meets authorization constraints, but any user/member of the SPA group must also be authorized for application access to succeed.
  • Authentication interruption and notices now use the base CAS project support, such as for 2-Step cohort notifications.
  • CAS UI themes supporting delegated authentication. The Slate/MAP theme is for student applicants. The new Cirrus theme will show a social login link. The new atCal theme is for UDAR sites such as those using the cal.b.e URLs. Themes are specified for registered URLs to support custom UI.
  • Duo will now challenge the real/admin/surrogate/impersonating user even when using a SPA with the spaname+realaccount syntax, unlike with the currently deployed CAS server version.
  • We have switched to a different Duo integration (the Web API app) in the Duo back-end service; there is no change in functionality.
  • Disable autocaps for the Username field, mostly as a convenience for mobile browsers.
  • Allow all-numeric CalNetIDs, primarily for legacy Guest accounts.
  • CAS main and HELP UI changes to display accurate information.
  • Accessibility changes for improved screen reader support.