| Label |
Description |
Target |
Contributer |
Priority |
Complexity |
Dependencies |
Notes |
| 1 |
Multi Factor Authentication |
|
|
|
|
|
|
| 2 |
Expired Password Integration |
4.0 (3.x?) |
|
|
|
|
|
| 3 |
CAS provides attributes to Service Provider: Credential Type/LoA, Auth Time, Expiration Time, Biodem Data (server side config and/or with user permission), User agent attributes as CAS attributes |
3.x - 4.0
|
|
|
|
|
Started in 3.x with SAML support (or custom CAS2 protocol). Enhance support in 4.0
|
| 4 |
Service Provider specifies minimum authentication strength / authentication type / specified LoA |
4.0 |
|
|
|
|
|
| 5 |
Remember Me |
Supported (Improved in 4.0)
|
|
|
|
|
Supported, but could use hardening of stored tokens and better indicator of whether its currently remember me or not
|
| 6 |
AllowedAuthenticationHandlers for RegisteredService |
|
|
|
|
|
|
| 7 |
Variable Single Sign On Expiration: Users selected; Admin controlled by auth attributes |
|
|
|
|
|
|
| 8 |
Complete Audit Trail |
Supported |
|
|
- |
|
Utilizes the Inspektr package
|
| 9 |
Internationalization |
Supported / 4.0
|
|
|
Enormous |
|
Dependent on getting people to do the translations
|
| 10 |
Ability for Service Provider to determine if SSO session still valid |
4.0 / Not At All
|
|
|
|
|
This is difficult as a user can have multiple SSO sessions (unless we eliminate that feature)
|
| 11 |
Clusterable Single Sign On Service Instances |
Supported |
|
|
- |
|
|
| 12 |
Embedded login page |
Supported |
|
|
- |
|
|
| 13 |
Warnings (eg: your password will expire in 10 days)/Messages (/etc/motd) |
4.0 |
|
|
Medium |
|
|
| 14 |
Ability for user to see what SSO sessions have been created |
3.x |
|
|
Small |
|
|
| 15 |
Web-based configuration/installer |
|
|
|
Enormous |
|
|
| 16 |
Hardening/Anti-Phishing |
3.x - 4.0
|
|
|
|
|
Could include CAPTCHA, the selecting username and then showing an image, etc.
|
| 17 |
Improve PGT callback protocol performance/scalability |
3.x |
|
|
Medium |
|
|
| 18 |
Review CAS internal architecture |
4.0 |
|
|
Large |
|
Scott has some code that may help with this.
|
| 19 |
Federation (lite?) across multiple CAS servers |
4.0 |
|
|
Large |
|
|
| 20 |
Extend CAS to black box applications not currently CASifiable |
4.0 |
|
|
Enormous |
|
We sort of support this by being able to negotiate protocols on the CAS server side (i.e. Google Apps)
|
