Jamie,

> ...can support revoking a user's access and having that take effect
> immediately. Is there a way to do this in CAS?

That somewhat depends on what "take effect immediately" means. There is code in the community to do ABAC at the CAS server (there will be a presentation on this at Jasig in June). So a tweak to an LDAP attribute would "immediately" prevent further Service Tickets (i.e. access) from being vended to the application in question for that particular user.

However, CAS is not an application session manager, so an already in-flight application session would not be affected.

Apache Shiro claims to support this behavior and might be an option for Java-based applications. Shiro also has some support for CAS.

http://shiro.apache.org/

Best,
Bill

On Wed, May 16, 2012 at 4:31 PM, Jamie Johnson <[email protected]> wrote:
> We currently are using CAS and Spring Security to secure several
> applications and have been asked by our customer to investigate how we
> can support revoking a user's access and having that take effect
> immediately. Is there a way to do this in CAS? My first thought was
> to add a SAML Ticket Validator and a custom SAML Attribute Repository
> which would have the most up to date roles/access controls. Is this
> appropriate? Is there a better way to handle this?
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
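An added example, not part of the thread above and not code from CAS, Spring Security or Shiro: one way an application can close the gap Bill describes, by re-checking entitlement on requests within an established session and ending the session once access is revoked. `EntitlementSource`, `RevocationFilter` and the 30-second bound are hypothetical names and values chosen for illustration, and the filter assumes the CAS client or Spring Security has populated `getRemoteUser()`.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical lookup against the authoritative store (for example the LDAP attribute). */
interface EntitlementSource {
    boolean isEntitled(String user) throws IOException;
}

/** Re-checks entitlement for established sessions and ends them once access is revoked. */
public class RevocationFilter implements Filter {
    private static final long MAX_AGE_MS = 30000L; // assumed upper bound on revocation delay
    private final EntitlementSource source;
    private final ConcurrentMap<String, Long> lastVerified =
            new ConcurrentHashMap<String, Long>();

    // Assumes the filter is wired as a bean, e.g. through Spring's DelegatingFilterProxy.
    public RevocationFilter(EntitlementSource source) { this.source = source; }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser(); // null until the user has authenticated
        if (user != null && !stillEntitled(user)) {
            HttpSession session = req.getSession(false);
            if (session != null) session.invalidate(); // end the in-flight session
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs);
    }

    private boolean stillEntitled(String user) throws IOException {
        long now = System.currentTimeMillis();
        Long checked = lastVerified.get(user);
        if (checked != null && now - checked < MAX_AGE_MS) return true; // recent positive result
        if (source.isEntitled(user)) { // lookup errors propagate, so the request fails closed
            lastVerified.put(user, now);
            return true;
        }
        lastVerified.remove(user); // denials are never cached
        return false;
    }
}
```

Only positive results are cached, so a revocation is seen by the application within `MAX_AGE_MS`; setting it to 0 forces a lookup on every request.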
