Scott, Thanks for the fast response! --> enforcing the renew=true It is my understanding that by doing this, the application opts out of SSO. We need the user to move from application to application pretty seamlessly. --> If you just want to know for informational purposes I need to treat "new authentications" differently. I should probably ask about my need instead of my proposed solution . . . putting the cart before the horse. I have finished wrapping a few applications that originally had their own authentication solutions with CAS (using acegi for integration on the web app). Originally, there were certain conditions where the user would see warning messages after a successful authentication. Such as, "your login will expire in 7 days" etc. They would see this on the page they were redirected to after a successful login. I am not entirely sure how to do this in our new CAS centric world. Since these are just warning messages, I want people to be redirected after successful authentication to the original application URI that forced authentication in the first place. At this point, and only this point, I want to display the warning message. This should only occur once, after the users initial authentication request. This should not occur when an authenticated user cross application borders. --> you would have to modify the JSPs that create the response to include an additional XML attribute that specifies whether renew=true. You'd have to modify the client to understand this. Based on the use case I described above . . . do you think is still the best course of action? Thanks! Carlos
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
