[Micronet] CAS Authorization Reminder and Updates

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Micronet] CAS Authorization Reminder and Updates

Calnet-coordinator Departmental

Dear CalNet Developers,

Delegates - a New Affiliation Type

Starting this week, there is a new berkeleyEduAffiliations type in the CalNet LDAP Directory: STU-DELEGATES. This affiliation type represents Delegates designated by students to manage business affairs on their behalf. Please note that Delegates are not part of the current default authorization set of affiliations.  It will also not be included in the narrower default set of CAS authorization groups that will be in place on August 1, 2016, as noted below.

If you need to allow Delegates to access your CAS-protected services, please complete this CAS Service Definition form.

CAS Authorization Enforcement

CAS-enforced authorization will go live on March 29th, 2016. If you requested a CAS Service Definition, please review your application to be certain that it is working as it should be. You may use auth-test.berkeley.edu for your review.

CAS Service Name

We will deprecate all legacy CAS service names effective May 1st, 2016. On that date, the only name that will resolve to a production CAS server will be the auth.berkeley.edu name in the DNS. Please make sure that you are pointing your service to auth.berkeley.edu. If you are still pointing to one of the many previous iterations of CAS server cluster names, your service will not reach production CAS on May 1st, 2016.

Custom Service Definition

On August 1, 2016, the CAS-enforced authorization default will be limited to only Students, Employees and HCM Affiliates. Please review your service. If you need to allow populations other than the default group to access your service, complete this form: Custom Service Definition. When we receive your request, we will configure your CAS service according to your needs, starting with auth-test.berkeley.edu to allow confirmation before deploying to the auth.berkeley.edu. Find out more about CAS authorization groups online.


CAS authorization groups enforced, includes all affiliations except Delegates

March 29, 2016 - July 31st, 2016

auth.berkely.edu becomes the ONLY valid UC Berkeley CAS name

May 1st, 2016

CAS default authorization groups are limited to Students, Employees and HCM Affiliates

August 1, 2016

If you have questions or comments, contact us at:

[hidden email].


The CalNet Team

The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:


Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.