I found a minor problem with this solution.  The metadata that's 
returned from the ST validation is cached.  If renew=true is set on a 
request and the user authenticates with a different user, the old TGT is 
recycled and the metadata is refreshed.  If, on the other hand, the 
user authenticates with a matching user, the old TGT is maintained and 
the cached metadata is sent back to the application.  I think it would 
make sense in the latter case that the old TGT remain, and the 
authenticationMethod be updated with the method used to most recently 
authenticate.  Where is the compare done on the new credentials versus 
the stored credentials?

Scott Battaglia wrote:
> This has been fixed:
>
> http://www.ja-sig.org/issues/browse/CAS-632
>
> Thanks
> -Scott
>
> On Tue, Mar 18, 2008 at 3:24 PM, Larry Symms <[EMAIL PROTECTED]> wrote:
>
>     Sorry, the last sentence should refer to the
>     AbstractPreAndPostProcessingAuthenticationHandler class.
>
>     Larry Symms wrote:
>     > In that case would it also make sense to put in a name property on the
>     > AuthenticationHandlers to differentiate handlers that use the same impl
>     > (e.g. 2 ldap directories), or would you just add the handler object as a
>     > property to the Authentication object and have the MetaDataPopulator use
>     > the properties of the handler to differentiate it (e.g. analyze the
>     > context source urls to determine which server successfully authenticated
>     > the credentials)?  If it were up to me I'd just tack on an optional name
>     > property to the AuthenticationHandler interface.
>     >
>     > - Larry
>     >
>     > Scott Battaglia wrote:
>     >
>     >> My mistake on that one (I think I got my interfaces mixed up).   If
>     >> you submit a JIRA issue I'll have the AuthenticationManager populate
>     >> the attribute on the Authentication object by default.  This would
>     >> make it to 3.2.1 which hopefully should come out as an RC1 tomorrow.
>     >>
>     >> -Scott
>     >>
>     > _______________________________________________
>     > Yale CAS mailing list
>     > [email protected] <mailto:[email protected]>
>     > http://tp.its.yale.edu/mailman/listinfo/cas
>     >
>     >
>
> -- 
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
