> From: Ted Fisher
> Sent: Thursday, August 07, 2014 12:03 PM
>
> No, I don't want to prompt the user at each auth attempt. Once they have
> authenticated with CAS I only want the IDP to get a new ST at each auth,
> which is what is not happening. I want the IDP to depend on CAS to

What method are you using to integrate CAS and Shibboleth? I am using Unicon's shib-cas-authn2 implementation:

https://github.com/Unicon/shib-cas-authn2

And it works exactly as it sounds like you want: every time Shibboleth needs to authenticate it pokes CAS, which then either requires an authentication or, if there is a valid TGT presented, issues a new ST with no authentication required.

I assume you removed the PreviousSession login handler in the Shibboleth handler.xml configuration?

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | hen...@csupomona.edu
California State Polytechnic University | Pomona CA 91768

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user