I can't answer your specific questions, Tim, but we have a similar setup here with CAS and uPortal 2.5.2. I hadn't thought to try to go to an intermediate web app to display password expiration notices/change utilities.

On login to uPortal, we query the password expiration date in Novell eDirectory and display a countdown in the header in bold red: "You have one week to change your password," "You have one day to change your password," etc. We have a password change channel in the portal that people can use. That seems to work pretty well for us.

Jameson Watkins
Director, Internet Development
University of Kansas Medical Center
http://www.kumc.edu/
913-588-7387

>>> "Tim Archer" <[EMAIL PROTECTED]> 2/17/2007 4:52 PM >>>

Hi All. I have a few questions I'm hoping someone can help me with.

We currently run uPortal 2.5.2 with the MyVT extension, and we use CAS for authentication. One question that is coming up is how, after logging into CAS but before redirecting into the portal, we can do some additional security checks.

First, we want to verify that the user has set up some security questions (mother's maiden name, etc.), so that in the event the user loses their password we can ask them questions they must answer to have their password reset. We do not want to allow them into our portal until they have actually set these questions up.

The second item we want to do is force the changing of passwords. CAS talks to Novell eDirectory, which does have a password expiration date stored in it for each individual. Upon logging in, I intend to query Novell, and if the password is expired, force the user to change it before they can continue into the portal.

Aside from uPortal, we also have a custom web application used to extend the functionality of our portal. This web application allows us to develop some more complicated web components that don't fit quite right into our portal, such as reports, integration with legacy apps, etc. This web app is also protected by CAS.

Now, my questions and problems are:

1) I can never seem to truly get the user to log out of the webapp. The logout links all do a session.invalidate(), and I also call the CAS logout page, but upon going directly to a URL within the webapp after the logout code has run, the user does not have to reauthenticate. It just lets the user in under the ID they last logged in as. How do I force a logout of my webapps?

2) For logging into the portal, our link looks like:

http://myusf.stfrancis.edu/cas/login?service=http%3A%2F%2Fmyusf.stfrancis.edu%2FuPortal%2FLogin

However, since I can't find a way for uPortal to easily do the expired password check, and to ensure a security question is set, I intend to change this. Instead of the CAS login taking the user to the uPortal service, I want to take them to the webapp I have developed, which will do an expired password check and prompt for security questions. If there is nothing to be done, or the user satisfies our security criteria, I want to then direct them into uPortal.

However, my problem seems to be this... Upon logging into CAS and going directly into the portal with the link I showed above, I can get to my webapp without having to sign in again. However, if instead I direct the CAS service to first go to the webapp for security checks, and then direct the user into uPortal, they have to sign in again. It's like uPortal isn't checking with CAS to see if the user has already authenticated. I have tried grabbing the ticket ID from CAS and appending it onto uPortal links, but it doesn't seem to work.

Any ideas? I would really appreciate any help!!!

Tim Archer
Director of Information and Administrative Services
University of St. Francis
500 Wilcox Street
Joliet, IL 60435
Phone: 815-774-2926
Email: [EMAIL PROTECTED]

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
