Just a note that not all ticket registries are searchable, nor is it possibly efficient to search them. The default registry will return an entire collection of tickets, while the memcache registry is unable to. The JPA one will, but to load the entire table of tickets may not be efficient.
Cheers, Scott On Tue, Oct 20, 2009 at 9:05 PM, Yuriy Zubarev <[email protected]>wrote: > Thank you, It helps a lot. > > Yuriy > > > On Tue, Oct 20, 2009 at 5:41 PM, Marvin Addison > <[email protected]> wrote: > >>> We have a business rule that forbids two different users to be logged > >>> in the system under the same set of credentials at the same time. Does > >>> CAS have a support for this? > > > > No. > > > >>> Does this feature have a common name? > > > > Not that I'm aware of. > > > >> Any help would be appreciated. > > > > You will have to develop this functionality on your own. If you don't > > do any credential-to-principal resolution, this can probably be > > straightforward. In that case I would recommend extending an > > authentication handler suitable for your authentication source (e.g. > > LDAP) that uses a post-authentication process to search the > > TicketRegistry for TGTs with a principal matching the username of the > > given credential. If you find a match, return false for the > > postAuthenticate method. We discussed post-authentication handlers > > today on another thread if you'd like more background. > > > > M > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
