Sounds like multifactor authentication. Have you had a chance to review this?
https://github.com/Unicon/cas-mfa From: [email protected] [mailto:[email protected]] Sent: Wednesday, August 21, 2013 7:26 AM To: [email protected] Subject: [cas-user] Re-authentication for higher security pages Hi, We currently have a web application protected with CAS and have a new requirement to request re-authentication (or at least the users password) when a logged on user accesses a higher security area of the site. Is there a standard mechanism/pattern for achieving this - I came across the renew=true login parameter but that seems to request a complete new authentication rather than requiring a user to "prove" their currently logged on account. Cheers. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
