Happy new year everyone!  I hope you all had a restful break.

I have a few questions regarding functionality in CAS 3.1.  I had previously
investigated CAS 3.0 + acegi and found certain pieces missing that I ended
up extending in my proof of concept.  I was wondering with the new CAS
3.1 release, if any of these are addressed.

If any of these don't make sense, or are workable in a different way, please
feel free to point out my ignorance. :)


1) Service dependent TGT expiration
Scenario:
- User attempts to access serviceone and is redirected to CAS for
authentication
- User logs into CAS and is redirected back to serviceone
- User accesses serviceone continuously until TGT is expired (value in
grantingTicketExpirationPolicy bean in applicationContext.xml)
- User attempts to access servicetwo, however due to the fact that their TGT
is expired, is redirected back to CAS for re-authentication.

To the user, this would be confusing since they were already logged in and
were accessing serviceone.  To deal with this scenario, there would need to
be some sort of call back mechanism from each service's page request to the
CAS webapp.  Is there such a call back in CAS 3.1?


2) Username available in the CAS webapp
For logging purposes, I'd like access to the username of a previously
authenticated user in the CAS application.  So that when a user attempts to
access servicetwo with a valid TGT, I can put that username in my access
log.


3) The TGT id that was used to validate user is available in each service
Again for logging purposes, I'd like access to the TGT id, this time in each
service webapp.  This way I can keep track of a user's session across
webapps.


4) Force change password screen
I'd like a mechanism for forcing the user to change their password.
Previously, I extended acegi User with that information, and checked that
in each service web container.  This is not appropriate as the service
container shouldn't care about password expiration.  What I would prefer is
to allow the user to log on and create a TGT, but not allow any service
tickets to be created.  This may have been possible with CAS 3.0, but I just
didn't look into it.  Is it possible?


Thanks for your help!
-rg
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
