Hi Guys,
  I have the same requirement: "Concurrent user logins of any single "user 
account" must be restricted."

I've implemented the solution proposed by Spring Security 
(http://static.springsource.org/spring-security/site/docs/3.0.x/reference/session-mgmt.html#concurrent-sessions)
because before I had only Java applications. But for the past two months, I 
have had to integrate PHP applications into the SSO system (and they also plan 
to add PAM modules). Therefore, the restriction must be implemented in CAS 
instead, to ensure it will be applied to every CASified service.

I read the solution suggested by Yuri Negocio Negocio 
(https://lists.wisc.edu/read/messages?id=11682842#11682842), but it's not 
enough because I would like to have the following behavior instead of just 
kicking out the old user:
  * Display a page that tells the user that someone else is already using his 
account. In this page, he will have the choice to close the old session and 
continue, or to use another account. (Behavior implemented by Microsoft, IBM)

To achieve this, my solution is to add a new subflow to the flow of the CAS 
server. But first, I would like to have other/better/easier opinions.

Please, what do you think of this solution?
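
A minimal model of the decision step described in this message, added here as an example; it is not CAS, Spring Security or the poster's code, and the class, method and state names are hypothetical. It assumes credentials are validated before the "account already in use" page is shown, and it uses a one-time token to bind the user's choice to that authenticated login attempt.

```python
import secrets


class ConcurrentLoginGate:
    """Hypothetical model of the proposed subflow; not CAS code."""

    def __init__(self):
        self.active = {}   # user -> SSO session id (stands in for a ticket-granting ticket)
        self.pending = {}  # one-time token -> user who must still choose

    def login(self, user, credentials_ok):
        # Only an authenticated login may learn that the account is in use,
        # so the in-use page cannot be used to probe accounts.
        if not credentials_ok:
            return ("denied", None)
        if user in self.active:
            token = secrets.token_urlsafe(16)
            self.pending[token] = user
            return ("confirm", token)  # render the "already in use" page
        return ("granted", self._start(user))

    def resolve(self, token, choice):
        # The token is single-use: replaying it cannot end a session again.
        user = self.pending.pop(token, None)
        if user is None:
            return ("denied", None)
        if choice == "terminate_old":
            # A real server would also notify services of the old session's end.
            self.active.pop(user, None)
            return ("granted", self._start(user))
        # Any other choice: old session untouched, user signs in with another account.
        return ("relogin", None)

    def _start(self, user):
        sid = secrets.token_urlsafe(16)
        self.active[user] = sid
        return sid
```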