> In cas-server-3.3.1 we need that when a user has successfully authenticated
> username and password then check for the values of 'tamuFlag'.
> If 'tamuFlag' has value 'passwordExpired' then do not login user and show
> error message that 'Login failed because your password has expired'.
> If 'tamuFlag' has value 'ssatExpired' then do not login user and show error
> message that 'Login failed because your Student Information Security
> Awareness training is due'.

CAS is an authentication system, not an authorization system. The design leaves all authorization decisions in the hands of clients. It is the responsibility of your clients to use the attributes above to enforce security responsibility.

That said, many have created CAS extensions to allow for centralized security policy enforcement. I believe CAS4 will have better support for this than CAS3, but I am fairly confident such features will always feel more like an extension than a core competency.

Hope that helps,
M

P.S. We kindly request that you not double post to cas-dev and cas-user. The sorts of questions you're asking are cas-user questions, and most folks that read cas-user are on cas-dev anyway.
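
The client-side enforcement described in the reply, as an added sketch that is not part of the original thread or of CAS itself: the application checks `tamuFlag` after ticket validation and refuses the session itself. It assumes the deployment releases the attribute inside a `cas:attributes` block of the validation response; `authorize`, `sample_response` and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Flag values and messages are the ones quoted in the question above.
DENY_MESSAGES = {
    "passwordExpired": "Login failed because your password has expired",
    "ssatExpired": "Login failed because your Student Information Security "
                   "Awareness training is due",
}

def authorize(validation_xml):
    """Return (allowed, user, message) for one ticket-validation response."""
    try:
        root = ET.fromstring(validation_xml)
    except ET.ParseError:
        return (False, None, "Malformed validation response")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:  # authenticationFailure or unexpected body: fail closed
        return (False, None, "Ticket validation failed")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not user:
        return (False, None, "Ticket validation failed")
    # Assumption: attributes arrive as <cas:attributes><cas:tamuFlag>...</cas:tamuFlag>
    flags = [e.text.strip()
             for e in success.findall("cas:attributes/cas:tamuFlag", CAS_NS)
             if e.text]
    for flag in flags:
        if flag in DENY_MESSAGES:  # authenticated, but not authorized here
            return (False, user, DENY_MESSAGES[flag])
    return (True, user, "")

def sample_response(user, flag=None):
    """Build a constructed validation response (sample data, not server output)."""
    attrs = (f"<cas:attributes><cas:tamuFlag>{flag}</cas:tamuFlag></cas:attributes>"
             if flag else "")
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            f"<cas:authenticationSuccess><cas:user>{user}</cas:user>{attrs}"
            "</cas:authenticationSuccess></cas:serviceResponse>")

# Constructed failure response for the fail-closed path.
FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
           "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    for flag in (None, "passwordExpired", "ssatExpired"):
        print(flag, authorize(sample_response("jdoe", flag)))
    print("failure", authorize(FAILURE))
```

Every service that must honour the policy has to run this check after its own ticket validation, since the CAS server will still issue tickets for the flagged accounts.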
