Hi,
+1 support for this.
While at the conference in Dallas, I discussed with many people about
the CAS ClearPass code. I spoke mainly about the longevity of this
codebase, many people were in support of getting this code to a level
where it would be maintained across such changes.
Would such a change impact on this code? A feature where password were
encrypted at the CAS end before being transfered into the portal session
as pre-encrypted could benefit this code.
http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials
Thanks,
Anthony.
Jen Bourey wrote:
Hi all,
I wanted to propose contributing some uPortal enhancements on behalf of
the University of Chicago. The enhancements improve the existing
CachePasswordSecurityContext to encrypt the password with a
Spring-configurable encryption service before storing it in the
session. We've also updated the CachedPasswordUserInfoService to
configurably either decrypt the cached password before adding it to a
portlet's UserInfoMap, or to pass it through in its encrypted form.
These changes are intended to preserve the ability of uPortal to
potentially cache user passwords, while ensuring that any passwords
present in the user session are encrypted.
Is this a change that we could contribute to the uPortal 3.2-oriented trunk?
- Jen
--
Jen Bourey
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/uportal-dev
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/uportal-dev
