Dear all: I would greatly appreciate any feedback on my post below. Forgive me if you read this post already. Possibly my post got lost in some of your weekend mails.
If the requirement itself is sound and possibly others would use it as well, we will potentially consider supporting / funding an enhancement to CAS to accomplish the same within a single CAS Server instance.

Regards,
Venkat.

venkatk wrote:
>
> Dear CAS Team (and all):
>
> Thank you for the wonderful CAS solution. I am evaluating this for
> including as part of our package used in the banking domain.
>
> In our package scenario, during certain sensitive steps like
> authorization, we would force the user to authenticate himself again using
> a different form of authentication (from the one he/she used during sign
> on). To accomplish this in CAS, I am thinking of running two CAS Servers.
> One for the login and another for the second authentication.
>
> Our web app is a RubyOnRails app. Hence we use the Ruby CAS client. All
> our app servlet (controller as it is called in RubyOnRails) actions are
> protected by the main filter from the CAS Client. Only for the sensitive
> actions, I have set up a second CAS Client filter. This filter is set to
> renew so it would authenticate each time a sensitive action is invoked.
>
> I have been able to get this setup working. However, I had to fix some
> bugs in the RubyCAS client and I will supply the patches to the RubyCAS
> team. On the CAS Server side, since our app now needs to talk to two CAS
> Servers, the ticket parameter name (called artifact name/id in the Java
> CAS Client) should be different.
>
> I patched the class
>
> org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl
>
> and changed the constant CONST_PARAM_TICKET to 'ticket1' to make this
> work.
>
> I would appreciate any feedback on this including some thoughts on the below:
>
> 1. Am I on the right track with my attempted solution?
> 2. Does my approach introduce any security holes?
> 3. Did I have to patch the CAS Server above to change the artifact name?
> Sorry, I was working without internet and didn't have access to the docs as
> well.
>
> Thank you,
> Warm Regards,
> Venkat.

--
View this message in context: http://www.nabble.com/Using-CAS-in-scenario-where-two-authentications-are-required-tp15450319p15539218.html
Sent from the CAS Dev mailing list archive at Nabble.com.

cas-dev mailing list
http://tp.its.yale.edu/mailman/listinfo/cas-dev
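The step-up flow the post describes, modelled as a self-contained Ruby example added here (it is not code from the original post, from the RubyCAS client or from the CAS server). `FakeCasServer`, `CasFilter`, the service URL, the user name and the password are all constructed for the example; the two ticket parameter names `ticket` and `ticket1` are the ones the post mentions. The model shows the two points a reviewer would want checked: that `renew=true` prevents an existing SSO session at the second server from silently satisfying the sensitive-action check, and why the second server's service ticket must arrive under a different parameter name when one filter protects every action.

```ruby
require 'securerandom'

# In-process stand-in for a CAS server: SSO sessions (TGT cookie -> user)
# and single-use service tickets bound to the requesting service.
# Hypothetical class, constructed for this example.
class FakeCasServer
  attr_reader :ticket_param

  def initialize(ticket_param)
    @ticket_param = ticket_param   # query parameter used to hand the ticket back
    @sso = {}                      # TGT value -> user
    @tickets = {}                  # service ticket -> [service, user, renewed?]
  end

  # /login: returns [service_ticket, tgt] or nil when credentials are required.
  # With renew=true an existing SSO session is ignored and the user must
  # present credentials again, which is what the step-up filter relies on.
  def login(service:, tgt: nil, credentials: nil, renew: false)
    if !renew && tgt && @sso.key?(tgt)
      user = @sso[tgt]
    elsif credentials && credentials[:password] == 'correct-secret'
      user = credentials[:user]
      tgt = "TGT-#{SecureRandom.hex(6)}"
      @sso[tgt] = user
    else
      return nil
    end
    st = "ST-#{SecureRandom.hex(6)}"
    @tickets[st] = [service, user, renew]
    [st, tgt]
  end

  # /serviceValidate: the ticket is consumed on first use, must match the
  # service it was issued for, and with renew=true must come from a renewed login.
  def validate(service:, ticket:, renew: false)
    svc, user, renewed = @tickets.delete(ticket)
    return nil unless user && svc == service
    return nil if renew && !renewed
    user
  end
end

# Client-side filter (hypothetical): if its server's ticket parameter is on the
# request it must validate; a ticket that fails validation rejects the request.
# With no ticket present the already-established application session is used.
class CasFilter
  def initialize(server, service, renew: false)
    @server, @service, @renew = server, service, renew
  end

  def authenticate(params, session_user)
    ticket = params[@server.ticket_param]
    return session_user unless ticket
    @server.validate(service: @service, ticket: ticket, renew: @renew) || :rejected
  end
end

SERVICE = 'https://bank.example/transfer'   # constructed service URL

# Runs sign-on, then a sensitive action, then a repeated sensitive action.
# same_param_name: true reproduces the collision the post patched around.
def step_up_flow(same_param_name: false)
  primary = FakeCasServer.new('ticket')
  stepup  = FakeCasServer.new(same_param_name ? 'ticket' : 'ticket1')
  main_filter   = CasFilter.new(primary, SERVICE)
  stepup_filter = CasFilter.new(stepup, SERVICE, renew: true)
  creds = { user: 'alice', password: 'correct-secret' }   # constructed credentials

  # 1. Sign-on: password at the primary server, ticket validated by the main filter.
  st, _tgt = primary.login(service: SERVICE, credentials: creds)
  session_user = main_filter.authenticate({ primary.ticket_param => st }, nil)

  # 2. Sensitive action: credentials again at the step-up server (renew=true).
  #    The returned ticket reaches the app under the step-up server's parameter
  #    name; every action passes the main filter before the step-up filter.
  st2, tgt2 = stepup.login(service: SERVICE, credentials: creds, renew: true)
  request = { stepup.ticket_param => st2 }
  main_result   = main_filter.authenticate(request, session_user)
  stepup_result = stepup_filter.authenticate(request, nil)

  # 3. Later sensitive action: the SSO session now held at the step-up server
  #    must not be enough on its own, which only renew=true guarantees.
  silent_with_renew    = stepup.login(service: SERVICE, tgt: tgt2, renew: true)
  silent_without_renew = stepup.login(service: SERVICE, tgt: tgt2, renew: false)

  { signed_on: session_user, main_filter: main_result, stepup: stepup_result,
    silent_with_renew: silent_with_renew, silent_without_renew: !silent_without_renew.nil? }
end
```

With distinct parameter names the main filter ignores the step-up ticket and falls through to the existing session, while the step-up filter validates it against its own server; with the same name the main filter tries to validate the second server's ticket against the primary server, fails, and rejects the request before the step-up filter ever runs. The third step shows that without `renew=true` the second server would honour its own SSO cookie and the "authenticate again" requirement would be silently lost.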
