[cas-dev] Remember Me login
Scott Battaglia
scott.battaglia at gmail.com
Wed Dec 20 09:22:38 EST 2006
This will not work. Having a separate "remember me" cookie doesn't allow
CAS to continue to generate Service Tickets based off your
TicketGrantingTicket to authenticate you to services. Exposing this
"remember me" cookie at the highest possible directory level doesn't provide
your clients any benefit either as (a) you can't trust the cookie unless you
place additional safeguards on it and (b) the client application may not be
on the same domain.
The goal is not to override TGT behavior, it's to extend its lifetime.
-Scott
On 12/20/06, Jason Shao <jayshao at rutgers.edu> wrote:
>
> March, Andres wrote:
> > No input? If I cannot substitute an implementation for the
> > TicketGrantingTicket, I may have to do some magic with the ticket value
> > to calculate expiration.
>
> Andres,
>
> Instead of overriding the behavior of the TGT, I would consider creating
> a separate "remember me" cookie which you then utilized as part of a
> non-interactive webflow before the form for requesting user credentials.
>
> In addition to avoiding complicating the role of the TGT, this gives you
> the option to pass back additional authentication meta-data to
> CAS-protected applications, in the event a particular application wanted
> to disallow "remember me" functionality.
>
> Jason
>
> --
>
> Jason Shao
> Application Developer, Architecture & Engineering Team
> Rutgers University - Enterprise Systems & Services
> v. 732-445-2869 | f. 732-445-5493 | jayshao at rutgers.edu
>
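Added example, not part of the original thread and not CAS code: a self-contained Java model of the approach Scott describes, where "remember me" only selects a longer lifetime for the TicketGrantingTicket and Service Tickets are still issued from that same ticket. The class and method names and the 2-hour and 14-day lifetimes are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.UUID;

// Hypothetical model for illustration; none of these types are CAS classes.
public class RememberMeTgtExample {

    // Stand-in for a ticket-granting ticket; rememberMe is fixed once, at login.
    static final class Tgt {
        final boolean rememberMe;
        final Instant created;
        Instant lastUsed;

        Tgt(boolean rememberMe, Instant now) {
            this.rememberMe = rememberMe;
            this.created = now;
            this.lastUsed = now;
        }
    }

    // Assumed lifetimes: 2 h idle for normal logins, 14 days absolute for remember-me.
    static final Duration IDLE_TIMEOUT = Duration.ofHours(2);
    static final Duration REMEMBER_ME_LIFETIME = Duration.ofDays(14);

    // The only thing remember-me changes is which lifetime applies to the TGT.
    static boolean isExpired(Tgt tgt, Instant now) {
        Instant deadline = tgt.rememberMe
                ? tgt.created.plus(REMEMBER_ME_LIFETIME)
                : tgt.lastUsed.plus(IDLE_TIMEOUT);
        return now.isAfter(deadline);
    }

    // Service tickets are still minted from a live TGT; null means "show the login form".
    static String grantServiceTicket(Tgt tgt, String service, Instant now) {
        if (isExpired(tgt, now)) return null;
        tgt.lastUsed = now;
        return "ST-" + UUID.randomUUID();
    }

    public static void main(String[] args) {
        Instant login = Instant.parse("2006-12-20T14:00:00Z"); // constructed timestamp
        Instant threeDaysLater = login.plus(Duration.ofDays(3));
        String service = "https://app.example.org/";           // constructed service URL
        Tgt normal = new Tgt(false, login);
        Tgt remembered = new Tgt(true, login);
        System.out.println("normal:     " + grantServiceTicket(normal, service, threeDaysLater));
        System.out.println("remembered: " + grantServiceTicket(remembered, service, threeDaysLater));
    }
}
```

Because the flag lives on the ticket itself, no second cookie has to be trusted or shared across domains; the absolute cap on the remember-me lifetime bounds how long a stolen ticket remains usable.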