Hi Rolly, thanks for the comments Well right... I wouldn't ping ldap to manage my session either ;-)
But to my mind hitting CAS is not equivalent to hitting my ldap server. My view is that as a service application the CAS client/server combo abstracts away the underlying persistence backend(s) and provides me an API that allows me to mange a specific aspect (e.g. authentication) of user's access to, and usage of, my systems. I agree that doing something along the lines of what is being discussed could get chatty if misused/abused, but as you suggested, something along the lines of a periodic check at a reasonable frequency (factoring in peak concurrent usage, number of page hits, average time on page, etc) would probably be sufficient to prevent serious performance hits. At this point in time we have not settled on an approach, and using CAS for this stuff may not be the right thing to do, but we are exploring this as an option. -- View this message in context: http://n4.nabble.com/CAS-ST-validation-after-authentication-tp1474581p1475457.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
