Hi

We have two services which a user has access to, and as login ID we
use the email address of the user.
Since the email address of a user can change, the user can change the
email address inside the service as follows:

- First the user signs in to the first service (service1) with
'[email protected]' and changes his/her email inside this service to
'[email protected]', which means the email address will also be changed on
the backend/identity-management, BUT (currently) not inside CAS itself

- The user decides to go to the other service (service2), but because
the user already has a valid session with CAS, he/she does not have to
provide the (new) credentials again, but the login request

https://my.cas/cas-server-webapp-3.5.2/login?service=https://service2/index.html

will return

<?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse
xmlns:cas="http://www.yale.edu/tp/cas">
        <cas:authenticationSuccess>
                <cas:user>[email protected]</cas:user>

which means in the case of service2 the user is signed in with the old
username, which does not work anymore with the backend.

My question is whether there are any recommended ways to handle such a
situation? At the moment I can see the following possibilities:

- Force logout after the user has changed the email address, and hence
the user has to sign in again with the new email address
- Update the login ID inside CAS somehow (but I guess that's not
possible for security reasons)
- Provide some mapping from old to new email address, such that during
the same session also the old email is still valid.

I have been searching quite a bit for similar topics, but have not found
anything really, hence any hints/feedback is much appreciated.

Thanks

Michael
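
The third option listed in the message above (a mapping from the old to the new address that stays valid for the life of the SSO session), sketched on the service side as an added example; it is not code from the original post or from CAS. The rename table, the set of current backend IDs, the timestamps and the example.org addresses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed CAS 2.0 validation response; the address is a placeholder.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>old@example.org</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


class StaleLoginId(Exception):
    """The asserted principal cannot be tied to exactly one backend account."""


def cas_user(response_xml):
    """Return the principal of a successful validation, or None otherwise."""
    node = ET.fromstring(response_xml).find(
        "cas:authenticationSuccess/cas:user", CAS_NS)
    return node.text.strip() if node is not None and node.text else None


def resolve_login_id(principal, current_ids, renames, now, max_sso_age):
    """Map the login ID CAS asserted to the one the backend uses now.

    current_ids: login IDs that exist in the backend (assumed lookup).
    renames: {old_id: (new_id, changed_at)} written on each address change
             (assumed table); times are in seconds.
    max_sso_age: longest lifetime of a CAS SSO session, in seconds.
    """
    start = login = principal.strip().lower()
    last_change = float("-inf")
    while login in renames:
        new_id, changed_at = renames[login]
        # Follow only changes newer than the previous hop and still inside
        # the SSO window; this also guarantees the loop terminates.
        if changed_at <= last_change or now - changed_at > max_sso_age:
            break
        login, last_change = new_id.lower(), changed_at
    if login not in current_ids:
        raise StaleLoginId(principal)  # unknown ID: force a fresh login
    if login != start and start in current_ids:
        # The old address exists again (reassigned): fail closed.
        raise StaleLoginId(principal)
    return login
```

Keeping rename entries only for as long as a CAS session can live, and failing closed when the old address exists in the backend again, prevents a stale session from being mapped onto an account it never authenticated as.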
