Easily control and secure the access and rights of employees across the enterprise - Upgrade to CAS

Easily control and secure the access and rights of employees across the enterprise - Upgrade to CAS

26.10.2023
Central Authentication Service (CAS) is a key tool for securely authenticating and authorizing users within information systems and applications. The recent upgrade to CAS version 6 opens up new possibilities with major enhancements that include both performance optimizations and feature improvements in several areas. This article focuses on the most significant changes and enhancements within the CAS system that we have gained through several of our installations and upgrades with customers who have relied on the tool for years.

Extended support for authentication protocols

CAS provides support for a wide range of emerging authentication protocols and standards. These include OAuth2, OpenID Connect, OpenID, and SAML2. These enhancements enable integration with multiple authentication services and increase system flexibility - applications using CAS login services can now choose from a truly broad range of authentication protocols.

Multi-factor authentication

CAS now also supports multi-factor authentication and standard/commercial solutions, including hardware tokens such as Duo Security, YubiKey, RADIUS/RSA RADIUS, Acceptto, Google Authenticator, Authy TOTP, U2F - FIDO, and more. These enhancements increase the level of user authentication security.

Proxy authentication and delegated authentication

The new version also incorporates support for proxy authentication (" impersonation "), which allows a user to authenticate on behalf of another user. This is useful for a variety of scenarios where authentication needs to be performed on behalf of other entities.

Delegated authentication is then supported for external identity providers (IdP for short), including SAML2 IdP, OAuth2 IdP (Facebook, Twitter, Google, or LinkedIn), OpenID Connect IdP, and ADFS.

Flexible configuration

CAS now supports multiple configuration formats, including properties and YAML, where selected parts of the configuration can be encrypted (e.g. passwords). At the same time, the range of system features that can be easily configured in this way has increased without the need to interfere with the application's internal settings.

It also allows a central configuration server to be run, i.e. to manage the configuration outside the CAS system. This solution improves the management and maintenance of the configuration for different environments.

Performance optimization

One of the key features of the new version of CAS is performance optimization, particularly in the area of working with the Hazelcast cache. These optimizations result in faster and more efficient processing of authentication and authorization requests, as well as the ability to monitor and manage tickets in separate caches, significantly improving overall performance and facilitating platform diagnostics. CAS health monitoring has been moved to native Spring Boot (actuator) components and includes detailed system health information.

In conclusion, implementing and upgrading the CAS system is an important step towards higher levels of security, reliability, and efficiency of user authentication in information systems and applications. Updating CAS is not just a technical obligation but a strategic step that increases competitiveness and provides users with the highest level of security and convenience. Cleverbee, as an expert with in-depth knowledge of CAS system installation and configuration, helps with comprehensive authentication and authorization solutions to ensure a secure digital environment.

https://apereo.github.io/cas