> However it looks like this data is located within the Authentication
> Object that's serialized.
> Due to the amount of users we anticipate, iterating through all the
> tickets with a for loop is not scalable.

This is a common pain point.

> I'm thinking of storing the TGTs against the user in LDAP so I can
> easily invalidate them with the TGT id.
> Are there any other options instead of this?

I would recommend avoiding another system dependency. Let me sketch out an alternative. Add a principalId field to TicketGrantingTicketImpl that is annotated with @Column and populate it in the constructor with the corresponding field from the Authentication, Authentication#getPrincipal()#getId(). With Hibernate schema creation turned on, you should now get a principalId varchar field in the database on which you can query by username to look up the TGT and invalidate it.

While the above requires code changes to a core CAS component, it's a fairly straightforward change that should accommodate your needs in a natural way.

M
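The approach sketched in the reply above, as an added example that is not part of the original message and is not CAS's own code: a stand-in entity with the extra principalId column, plus a lookup that revokes every TGT for one user with a bound query parameter. The names PatchedTgt, TGT_EXAMPLE, PRINCIPAL_ID, TicketDestroyer and PrincipalSessionRevoker are assumptions made for illustration, and the JPA 2 typed query API is assumed to be available.

```java
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.Table;

// Stand-in for a patched TicketGrantingTicketImpl (hypothetical class and
// table names); only the fields relevant to the lookup are shown.
@Entity
@Table(name = "TGT_EXAMPLE")
class PatchedTgt {
    @Id
    @Column(name = "ID")
    private String id;

    // New column: copied once, at construction, from
    // Authentication#getPrincipal()#getId(), so it can be queried without
    // deserializing the Authentication object.
    @Column(name = "PRINCIPAL_ID", updatable = false)
    private String principalId;

    protected PatchedTgt() { } // no-arg constructor required by JPA

    PatchedTgt(String id, String principalId) {
        this.id = id;
        this.principalId = principalId;
    }
}

// Hypothetical callback: assumed to delegate to the deployment's normal
// ticket destruction path rather than deleting rows directly.
interface TicketDestroyer {
    void destroy(String ticketGrantingTicketId);
}

class PrincipalSessionRevoker {
    private final EntityManager em;
    private final TicketDestroyer destroyer;

    PrincipalSessionRevoker(EntityManager em, TicketDestroyer destroyer) {
        this.em = em;
        this.destroyer = destroyer;
    }

    // Revokes every TGT issued to one principal; returns how many were found.
    int revokeAll(String principalId) {
        List<String> ids = em.createQuery(
                "select t.id from PatchedTgt t where t.principalId = :pid", String.class)
            .setParameter("pid", principalId) // bound parameter, never concatenated
            .getResultList();
        for (String id : ids) {
            destroyer.destroy(id);
        }
        return ids.size();
    }
}
```

An index on the new column keeps this lookup cheap as the ticket table grows.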
