Well, the difference is that I need them to stay logged in as the previous user. So, I'm testing that they CAN log in as a different user, in order to link the two accounts, but the initial authentication should remain intact. At this point, I'm thinking the only way I can do it is to just have my application hit the user table in our database directly, and test the password without involving CAS. I had thought that there may be a way to pass a ticket over to CAS, get a success or failure back, and then process that ticket in my app without going through the entire login flow, but I just don't understand tickets well enough to see how.
To put it another way, I need my CASified app to be able to say to CAS "Hey, I'm logged in and I'm authorized to do this, so can you just tell me if this OTHER userid/password combo is valid?" and have it respond yes or no.

From: Scott Battaglia [mailto:[email protected]]
Sent: Thursday, August 13, 2009 9:16 AM
To: [email protected]
Subject: Re: [cas-user] Testing a Userid/Password from a different account

I'm not familiar with your scenario, as we, for the most part, make sure you only have one NetId (there are some exceptions but they get resolved).

If you need someone to re-authenticate as a new person, you can always redirect them to CAS with a renew=true parameter.

Cheers,
Scott

On Thu, Aug 13, 2009 at 9:09 AM, Kimberly Ennis <[email protected]> wrote:

I'm hoping someone has some insight into this... I'm on a tight time schedule and at a loss about how to best implement something like this without opening up a can of worms.

Has anyone had an instance where a User needs to log in or authenticate as a different user in order to prove that they have 2 different identities (for the purposes of linking an account or some other purpose)? Or, is there a good way to test authentication without going through the log in flow?

From: Kimberly Ennis
Sent: Wednesday, August 12, 2009 3:28 PM
To: [email protected]
Subject: [cas-user] Testing a Userid/Password from a different account

This is a strange request, and I'm not sure that it can be done in CAS, but I thought I'd check and see if anyone has ever done this before.

Basically, we have many different companies that can log into our application. Using the "old" (homebrew, not CAS) security system, a single person might have many userids, depending on their admin role and what they have access to, in order to get into the site.
We've also created a new, separate application with CAS above it to be able to log in, but the old application will not be switching to CAS at this point due to time and resource constraints (It would be a heck of a lot of work to switch it over). What my requirements are is to create a feature that will link all of these accounts together - so, I might have 20 different userids that will be linked together, and be able to switch to any of the 19 other accounts at any time. We are using Spring Security, and I was thinking that there must be a way to leverage the SwitchUserProcessingFilter to make this happen - and I would assume any questions I have about that part should be directed to the Spring Security folks and not this list.

The bigger question, though, is how to get the users linked in the first place. If I am logged in as UserA, and I want to link my UserA account to UserB and UserC, I would need to authenticate into the UserB and UserC accounts with the correct password in order to link the accounts. Is there a way to do this with CAS? Can I log into two accounts at the same time, or "test" my ability to authenticate as a different user while I'm logged in? Has anyone ever implemented something like this before?

The whole scenario is confusing, so I apologize if it doesn't make sense. Let me know if you need further clarification.
--Kim

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
