Renew does sound like it should renew an existing identity. Im afraid im a bit of a newbie when it comes to customising cas. Do you have any pointers for where to start ? Any wiki articles ? Or do I need to start trawling source code ? Regardless, thank you very much for your help.
On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote: > > Hi, > > There were several discussions about the renew parameter, especially when > we wrote the LOA specifications. > I'm in favor of blocking new identity when using the renew parameter : it > should only be possible to check the password. > But we didn't reach any clear agreement on this, so I guess it will stay a > customization for now. > Best regards, > Jérôme > > > > > 2013/8/22 <[email protected] <javascript:>> > >> That sounds like exactly what I want, I was hoping there was a native >> mechanism to support that and initially wondered if renew was it but I >> guess not. >> >> On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: >>> >>> Hi, >>> >>> What would be the expected behaviour when the user is already >>> authenticated and requested to login again ? >>> Do you want the login page to have the username already fixed by the >>> previous authentication and only the password can be edited ? Because I'm >>> pretty sure that this can be easily achieved with a customization. >>> Best regards, >>> Jérôme >>> >>> >>> >>> >>> 2013/8/21 <[email protected]> >>> >>>> Thank you very much for the responses. I suspect I didn't explain >>>> myself very well. The idea is that the user logs onto the web application >>>> with a username and password through cas. They are then free to use the >>>> system. If they attempt to click the "edit my profile" link they are then >>>> asked to provide their password again before they can see that screen - to >>>> mitigate against a user leaving their browser logged in, walking away and >>>> someone sitting down and changing their details. Similar to the way Amazon >>>> deals with editing a profile. >>>> >>>> I have tried to redirect to login with renew=true when the profile page >>>> is requested and indeed authentication is requested but at that point any >>>> valid account seems to work as it is requesting fresh credentials. I am >>>> really only after them entering the password for the logged in account at >>>> that point. >>>> >>>> Any ideas ? >>>> >>>> Thanks for any help. >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> jasig-cas-user...@**googlegroups.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/**display/JSG/cas-user >>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>> >>> -- >> You are currently subscribed to [email protected] <javascript:> as: >> [email protected] <javascript:> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] <javascript:> as: > [email protected] <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
