Hi, There were several discussions about the renew parameter, especially when we wrote the LOA specifications. I'm in favor of blocking new identity when using the renew parameter : it should only be possible to check the password. But we didn't reach any clear agreement on this, so I guess it will stay a customization for now. Best regards, Jérôme
2013/8/22 <[email protected]> > That sounds like exactly what I want, I was hoping there was a native > mechanism to support that and initially wondered if renew was it but I > guess not. > > On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: >> >> Hi, >> >> What would be the expected behaviour when the user is already >> authenticated and requested to login again ? >> Do you want the login page to have the username already fixed by the >> previous authentication and only the password can be edited ? Because I'm >> pretty sure that this can be easily achieved with a customization. >> Best regards, >> Jérôme >> >> >> >> >> 2013/8/21 <[email protected]> >> >>> Thank you very much for the responses. I suspect I didn't explain myself >>> very well. The idea is that the user logs onto the web application with a >>> username and password through cas. They are then free to use the system. If >>> they attempt to click the "edit my profile" link they are then asked to >>> provide their password again before they can see that screen - to mitigate >>> against a user leaving their browser logged in, walking away and someone >>> sitting down and changing their details. Similar to the way Amazon deals >>> with editing a profile. >>> >>> I have tried to redirect to login with renew=true when the profile page >>> is requested and indeed authentication is requested but at that point any >>> valid account seems to work as it is requesting fresh credentials. I am >>> really only after them entering the password for the logged in account at >>> that point. >>> >>> Any ideas ? >>> >>> Thanks for any help. >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> >> >> >> -- >> You are currently subscribed to [email protected] as: >> jasig-cas-user...@**googlegroups.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/**display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> >> -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
