*@*Misagh Moayyed Thank you very much for your assistance. I was able to follow QueryDatabaseAuthenticationHandler as a template, extending AbstractJdbcUsernamePasswordAuthenticationHandler, and adding my custom logic to it.
I do have a follow up question though that I haven't been able to figure out by reading the documentation. Is there any way that I can manually expire TGTs for users that are expired based on the user expiry date/time? It's my understanding that CAS will automatically send out logout messages to registered services after a user manually logs out. I can handle these messages in those services, but I'm not sure how to initiate the process manually for an expired user. Ideally I'd be able to inject some logic (similar to the custom handler) that would monitor the user table and start the SLO process by expiring the TGTs for any users whose expiry date < current time. I just have no idea if such a component exists in CAS and the ticket expiry docs don't seem to indicate any way of overriding their functionality. Thanks again! PS For anyone that might have the same issue in the future, I also had to add the following properties. This was needed to stop CAS from continuing to process other handlers and generate a TGT, even though my custom handler identified the user as expired and threw an error: cas.authn.policy.requiredHandlerAuthenticationPolicyEnabled=true cas.authn.policy.req.tryAll=false cas.authn.policy.req.handlerName=MyAuthenticationHandler cas.authn.policy.req.enabled=true > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff121726-c7f2-4e78-a4ca-537349279aaf%40apereo.org.
