CASv21.1.0

• Supports institution SSO migration / bridging

CASv21.0.0

• Supports KU Leuven institution SSO
• Updated copyright year 2021

CASv20.3.0

Supports department attribute for institution SSO

CASv20.2.0

• Added automatic institution selection
• Fixed branded sign-in for frenxiv
• Fixed heading for authorization failure page
• Improved generic login success page

CASv20.1.0

• Moved auth exceptions to a dedicated package
• Split the institution login exception into 3 child ones
• Fixed institution exception being thrown for OAuth failures
• Rewrote doc, comments, log and exception messages for interactive logins
• The "deleted" field of OSF TOTP is now a timestamp (, which was a boolean)

CASv20.0.0

• Fixe user status check for new unconfirmed ORCiD user
• Update the institution SSO guide for both SAML and CAS
• Adde a guide for common apache / shibboleth errors

CASv19.3.0

• Gracefully handle delegated authentication exceptions
• Update License

CASv19.2.0

Changes

• Update OSF TOTP / 2FA model: column deleted is renamed to is_deleted
• Refactor JavaDoc, comments and code style for the OAuth module
• Refactor the primary CAS readme and the OAuth server readme
• Add institution SSO guides for both SAML / Shibboleth and CAS / PAC4J
• Fix ORCiD login for local development
• Enable TODO comments

CASv19.1.0

What

Token-scope relationship mode change, a joint release with OSF and fakeCAS.

Changes

• Add M2M relationship between PAT and scope
• Add scopeId and isPublic to the scope model
• Remove scopes from the PAT model
• Update data access objects for OSF
• Update PAT handler
• Add missing license for a few models