[
https://issues.apache.org/jira/browse/SHIRO-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633821#comment-13633821
]
Jérôme Leleu commented on SHIRO-373:
------------------------------------
You're welcome.
It's worth noticing I did that a long time ago : it's a basic filter based on
CAS server behaviour : first access is considered authenticated, others are
seen as remembered. Not perfect, but it does the job. On Spring Security side,
to handle the CAS remember-me feature, the dev lead asked me to build a
solution based on timeout instead, which is still pending waiting for the new
CAS client version : 3.3.
To draw the big picture, CAS server will be added a LOA support this year, so
after that, it could be the right time to build something more complete on
Shiro library.
> Complete CAS remember-me support
> --------------------------------
>
> Key: SHIRO-373
> URL: https://issues.apache.org/jira/browse/SHIRO-373
> Project: Shiro
> Issue Type: Bug
> Reporter: Jérôme Leleu
> Fix For: 1.3.0
>
> Attachments: svn-CasAuthenticatedUserFilter.patch
>
>
> I was preparing a demo on CAS support for Shiro :
> https://github.com/leleuj/cas-shiro-demo and I did realize the remember-me
> feature is not fully addressed.
> One use case is missing : if the user is already remembered (by CAS) and want
> to be authenticated, it should be redirected to CAS server with a specific
> parameter (renew=true) to force CAS re-authentication.
> For this use case, I created a CasAuthenticatedUserFilter which checks if the
> user is authenticated (not remembered) and sends him to the CAS server if
> he's not (with the specific parameter to force re-authentication if he's
> already remembered).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
