For the first issue, the goal was merely to invalidate any TGTs that are still valid for the same user if they were associated with a different IP address than the user is using presently. If Fred moves from his laptop to his desktop, then the TGT he got on his laptop gets thrown away.
But if he just switches from Safari to Chrome on his desktop, he can keep using both. :) The solution works, FWIW. I was just offering it in case anyone else needed to do the same thing. For item 2, our solution works for that as well. We could use the REST API as well, but it's more round-trips to the server to achieve the same thing, IIANM. ________________________________________ From: jleleu [lel...@gmail.com] Sent: Wednesday, September 05, 2012 12:20 AM To: cas-dev@lists.jasig.org Subject: re:[cas-dev] Offering a couple solutions Hi, For the first issue, I understand you want to check IP address between SSO sessions for the same user (does the user use the same IP address as in its previous SSO session ?). It means you need to keep expired TGTs : how that can be possible as ticket registries are associated to mechanims to clean old tickets. What about the performance impact of keeping old TGTs ? At first, reading quickly your post, I thought you want to check on IP address in the *same* SSO session, meaning : I log in with a certain IP, then every time I access a service, I want to be sure to use the same IP, otherwise I have to re-authenticate. It makes more sense to me, doesn't it ? For your second issue, we had exactly the same need : extend the SSO session by "following" the webapp session and we had a close solution. Even if it works, I'm wondering if using the REST API woudln't be a best solution [1] ? Best regards, Jérôme [1] : https://wiki.jasig.org/display/CASUM/RESTful+API -- You are currently subscribed to cas-dev@lists.jasig.org as: nsa...@silverspringnet.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
