Thank you very much for the responses. I suspect I didn't explain myself very well. The idea is that the user logs onto the web application with a username and password through cas. They are then free to use the system. If they attempt to click the "edit my profile" link they are then asked to provide their password again before they can see that screen - to mitigate against a user leaving their browser logged in, walking away and someone sitting down and changing their details. Similar to the way Amazon deals with editing a profile.
I have tried to redirect to login with renew=true when the profile page is requested and indeed authentication is requested but at that point any valid account seems to work as it is requesting fresh credentials. I am really only after them entering the password for the logged in account at that point. Any ideas ? Thanks for any help. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
