[ https://issues.apache.org/jira/browse/SHIRO-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419078#comment-13419078 ]

Jérôme Leleu commented on SHIRO-373:
------------------------------------

In fact, the two filters are totally different:
- the CasFilter finishes the authentication process by retrieving the CAS
service ticket in the URL and asking the CAS server to validate it to get a user
identity: the authentication process is started by the RolesFilter, which
redirects the user to the CAS server if he does not have the right role
- the CasAuthenticatedUserFilter checks if the user is authenticated (not
remembered). If anonymous or remembered, the user is redirected to the CAS server
for authentication, and if the user is remembered, a parameter (renew=true) is
added to the CAS server call to tell it that it's a re-authentication.

> Complete CAS remember-me support
> --------------------------------
>
> Key: SHIRO-373
> URL: https://issues.apache.org/jira/browse/SHIRO-373
> Project: Shiro
> Issue Type: Bug
> Reporter: Jérôme Leleu
> Attachments: svn-CasAuthenticatedUserFilter.patch
>
>
> I was preparing a demo on CAS support for Shiro:
> https://github.com/leleuj/cas-shiro-demo and I realized the remember-me
> feature is not fully addressed.
> One use case is missing: if the user is already remembered (by CAS) and wants
> to be authenticated, he should be redirected to the CAS server with a specific
> parameter (renew=true) to force CAS re-authentication.
> For this use case, I created a CasAuthenticatedUserFilter which checks if the
> user is authenticated (not remembered) and sends him to the CAS server if
> he's not (with the specific parameter to force re-authentication if he's
> already remembered).