I'd like to upgrade our implementation of CAS 2 to the latest version of
CAS.  We've customized several things and I'd like any thoughts on the
best way to implement these customizations in CAS 3.

Single Sign Out:
        http://www.ja-sig.org/issues/browse/CAS-126 indicates that this is
available via callbacks, but I don't see how to do it.

"Remember Me" (persistent cookies):
        http://www.ja-sig.org/issues/browse/CAS-366 looks like it should work,
although I haven't looked at it in detail.

Persistent ticket caches:
        In CAS 2 I modified the CacheInit servlet context listener to serialize
the ticket registries to a file on shutdown and load the file on
startup.  I imagine I could do something similar in CAS 3 but I'm not
sure where I would put that logic.

A master override password:
        I've already written my own OverridePasswordHandler AuthenticationHandler.

Sandboxed override passwords:
        I haven't done this in CAS 2.  The goal would be to limit the override
password to work only with certain registered services.  My thinking is
that I could extend AuthenticationViaFormAction to add the
RegisteredService to an extended UsernamePasswordCredentials.  (Not sure
if AuthenticationViaFormAction has easy access to the RegisteredService
 or not, though).  The OverridePasswordHandler would then make its
decision based on the username, password, and service.  To prevent
someone from logging into one service with an override password and then
moving over to a prohibited service, I'd also have a 'usedOverride'
field on the extended UsernamePasswordCredentials that the
OverridePasswordHandler would set.  I'd create an advice class similar
to ServiceRequiresAuthenticationMethodBeforeAdvice that checks the
'usedOverride' field and the service field to determine if it should
force authentication again.

Thanks

-- 
Dave Brondsema
Software Developer
Cornerstone University
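
The sandboxed override check described in the post, sketched as an added example that is not part of the original message and is not CAS code. Every class and method name below is a hypothetical stand-in that models only the decision logic (the handler deciding on username, password and service, plus the re-authentication check on the 'usedOverride' flag); the service URLs and passwords are constructed sample values, and services are matched by exact string as a simplifying assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
// Hypothetical model of the design above; none of these types are CAS 3 classes.
public class SandboxedOverrideDemo {
    // Constructed sample values (assumptions, not from the post).
    static final Set<String> OVERRIDE_SERVICES = Set.of("https://helpdesk.example.edu/app");
    static final String OVERRIDE_PASSWORD = "constructed-override-secret";

    /** Stand-in for the extended credentials: adds the service and a usedOverride flag. */
    static final class Credentials {
        final String username, password, service; // service may be null (login with no service)
        boolean usedOverride;
        Credentials(String username, String password, String service) {
            this.username = username; this.password = password; this.service = service;
        }
    }

    static boolean overrideAllowed(String service) {
        return service != null && OVERRIDE_SERVICES.contains(service); // Set.of rejects null lookups
    }
    static boolean same(String a, String b) { // timing does not depend on where the bytes differ
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** Handler decision: the user's real password always works; the override only for listed services. */
    static boolean authenticate(Credentials c, String realPassword) {
        if (same(c.password, realPassword)) return true;
        if (overrideAllowed(c.service) && same(c.password, OVERRIDE_PASSWORD)) {
            c.usedOverride = true; // remembered so later service requests can be checked
            return true;
        }
        return false;
    }

    /** Advice-style check, run before a ticket is granted for another service on the same session. */
    static boolean mustReauthenticate(Credentials session, String requestedService) {
        return session.usedOverride && !overrideAllowed(requestedService);
    }

    public static void main(String[] args) {
        Credentials c = new Credentials("jdoe", OVERRIDE_PASSWORD, "https://helpdesk.example.edu/app");
        System.out.println("override login, listed service: " + authenticate(c, "jdoe-real-pw"));
        System.out.println("same session, unlisted service needs re-auth: "
                + mustReauthenticate(c, "https://payroll.example.edu/"));
        Credentials d = new Credentials("jdoe", OVERRIDE_PASSWORD, "https://payroll.example.edu/");
        System.out.println("override login, unlisted service: " + authenticate(d, "jdoe-real-pw"));
    }
}
```

The model denies the override when no service is supplied at login, since an override session with no service attached could not be scoped to the allowed list.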


_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas