Hi Carl, et. al., This would be a nice option to have, but I'd recommend a 2-phased approach, which I implemented in the local precursor system to CAS. When users in the local university environment power up at the start of the day, whether to log into a portal or just a bunch of applications, they often create a lot of attribute retrieval requests in a brief interval. It made sense for both performance and consistency to cache those results for a short time, like 120 seconds, but not for the life of the TGT.
Dan Ellentuck Columbia University I.T. On Wed, Sep 24, 2014 at 9:52 AM, Waldbieser, Carl <waldb...@lafayette.edu> wrote: > > Am I correct in understanding that the current behavior is to load the > attributes at the time of authentication and they get stored for the life > of the TGC (in the CAS ticket store)? > > And the proposal would be to allow the attributes to be re-populated > whenever a /serviceValidate or /proxyValidate request was successfully made? > > I hadn't noticed this behavior. I had rather assumed the dynamic behavior > was how CAS was working all along. What exactly would be the concerns with > enabling that as an option? Are there performance concerns? Or some kind > of consistency concerns? > > Thanks, > Carl Waldbieser > Systems Programmer > Lafayette College > > ----- Original Message ----- > From: "Misagh Moayyed" <mmoay...@unicon.net> > To: cas-dev@lists.jasig.org > Sent: Wednesday, September 24, 2014 5:23:29 AM > Subject: [cas-dev] Dynamic Principal Attributes: scope and feedback > > Team, > > > > Context: > > https://github.com/Jasig/cas/pull/676 > > https://github.com/Jasig/cas/issues/468 > > > > There is a pending pull and corresponding issue that tries to bring forth > support for dynamic principal attributes. This is the case where principal > attributes are not cached to the length of the SSO session, but are forced > to always be up-to-date when called upon. I want to emphasize that this is > not proposed replace the default behavior now, yet simply allows one to do > this, should the use case come up. > > > > Jérôme and I have been conversing on pros and cons of this feature, and > what it would mean for CAS deployers to turn on support for this. We are > at a point where we need more eyeballs and feedback on the issue and the > solution presented. It would be great if you could take a look at the > conversation and provide suggestions on how to best proceed forward. > > > > Regards, > > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > waldb...@lafayette.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > d...@columbia.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
