[cas-dev] Remember Me login

March, Andres amarch at soe.sony.com
Wed Dec 20 13:16:03 EST 2006 

That is great but I don't see how your patch would work without modifying the lifespan of the ticket in the registry.  Sure the cookie would live longer but the TGT would expire when the registry cleaner executed.

> -----Original Message-----
> From: cas-dev-bounces at tp.its.yale.edu [mailto:cas-dev-
> bounces at tp.its.yale.edu] On Behalf Of Arnaud Lesueur
> Sent: Wednesday, December 20, 2006 10:05 AM
> To: Mailing list for CAS developers
> Subject: Re: [cas-dev] Remember Me login
> 
> Well I have already make an implementation for this use case.
> 
> The main idea is to customize the SendTicketGrantingTicketAction depending
> on a user choice parameter on the login form.
> 
> You may found my implementation here : http://www.ja-
> sig.org/issues/secure/attachment/10691/persistentCookie.zip have
> a look at my issue : http://www.ja-sig.org/issues/browse/CAS-366
> 
> I still think is a good feature which should be added to CAS project ...
> 
> Scott, if you agree I might adapt the code to 3.1 and commit it.
> 
> 
> Arnaud Lesueur
> 
> 
> Le Mer 20 décembre 2006 18:47, March, Andres a écrit :
> > I see what you mean but the concrete instantiation is still the issue,
> IMHO.  A factory pattern would allow me to
> > control the creation of the Ticket and set whichever expiration policy I
> wanted.  There is only one expirationPolicy
> > possible in the CASImpl as you are aware.  Also, I need some way to pass
> the user's choice of whether to do a short
> > or long expiration to the place where the policy is set.  I don't know
> the best way to do this yet.  If you have any
> > ideas, I would be happy to implement it and contribute it back.  Thanks
> for the reply.
> >
> >
> >
> > ________________________________
> >
> >
> > From: cas-dev-bounces at tp.its.yale.edu [mailto:cas-dev-
> bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
> > Sent: Wednesday, December 20, 2006 6:19 AM
> > To: Mailing list for CAS developers
> > Subject: Re: [cas-dev] Remember Me login
> >
> >
> >
> >
> > I haven't had time to think about it fully yet, but we may need to
> modify the CAS server to support this (choosing on
> > of many expiration policies was not in the original design.
> >
> > You won't need a custom TicketGrantingTIcketImpl though, just a
> different expiration policy (one with a longer
> > length).
> >
> > -Scott
> >
> >
> > On 12/12/06, March, Andres <amarch at soe.sony.com> wrote:
> >
> >
> > I'm implementing a Remember Me (Save Password) feature and want to make
> the cookie have a variable lifespan: browser
> > session if they don't choose "Remember Me" or 3 months if they do.
> However, my plan to substitute my own
> > implementation for TicketGrantingTicketImpl is not possible because it
> is currently instantiated in a concrete
> > fashion in the CentralAuthenticationServiceImpl rather than using a
> factory.  Any ideas?
> >
> >
> >
> > ________________________________
> >
> >
> > From: cas-dev-bounces at tp.its.yale.edu [mailto: cas-dev-
> bounces at tp.its.yale.edu
> > <mailto:cas-dev-bounces at tp.its.yale.edu> ] On Behalf Of Scott Battaglia
> > Sent: Friday, November 17, 2006 10:59 AM
> > To: Mailing list for CAS developers
> > Subject: Re: [cas-dev] Remember Me login
> >
> >
> >
> >
> > Well TicketGrantingTickets themselves have a life-expectancy of whatever
> time you decide.  It can be short or long.
> > The key is making sure the cookie expiration time matches up with the
> TicketGrantingTicket expiration time.
> >
> >
> > Cookies only store the TicketGrantingTicket identifier.
> >
> >
> > -Scott
> >
> >
> > On 11/17/06, Alan D. Cabrera < alan.cabrera at simulalabs.com
> <mailto:alan.cabrera at simulalabs.com> > wrote:
> >
> >
> > Does anyone have any thoughts on my comments?  Arnaud?
> >
> >
> >
> >
> >
> >
> > Regards,
> >
> >
> > Alan
> >
> >
> >
> >
> > On Nov 15, 2006, at 12:13 PM, Alan D. Cabrera wrote:
> >
> >
> >
> >
> > Do I understand the code correctly when I say that you store the ticket
> in a cookie?  IIUC, won't the ticket expire
> > after a short while?
> >
> >
> >
> >
> >
> > Regards,
> >
> >
> > Alan
> >
> >
> >
> >
> >
> >
> > On Nov 15, 2006, at 10:15 AM, Arnaud Lesueur wrote:
> >
> >
> >
> >
> > Hi,
> >
> >
> >
> >
> > I have already open an issue in JIRA few months ago on this request and
> I also put my code as attachement. This
> >
> >
> > available here : http://www.ja-sig.org/issues/browse/CAS-366
> >
> >
> >
> > If you think, this feature is usefull please vote for it !
> >
> >
> >
> >
> >
> >
> > Arnaud Lesueur
> >
> >
> >
> >
> > Le Mer 15 novembre 2006 18:47, Jack Tang a écrit :
> >
> >
> > Hi Alan
> >
> >
> >
> >
> >
> >
> > Can you share the code with me? I am now hacking the some problem.
> >
> >
> > Thank you very much.
> >
> >
> >
> >
> >
> >
> > /Jack
> >
> >
> >
> >
> >
> >
> > On 11/10/06, Alan D. Cabrera < alan.cabrera at simulalabs.com
> <mailto:alan.cabrera at simulalabs.com> > wrote:
> >
> >
> >
> >
> >
> >
> > On Nov 9, 2006, at 8:10 AM, Peter Havelaar wrote:
> >
> >
> >
> >
> >
> >
> > Alan D. Cabrera <alan.cabrera at ...> writes:
> >
> >
> >
> >
> >
> >
> >
> >
> > We also wish to support "remember me".   What we plan on doing is
> >
> >
> > hacking the
> >
> > CASFilter so that we store an encrypted token in a cookie.  Its
> >
> >
> > format will be:
> >
> >
> >
> > userid:expiration:salt
> >
> >
> >
> >
> >
> >
> > If the CASFilter sees this cookie, it will refresh the session
> >
> >
> > variables.
> >
> >
> >
> > We also intend to modify the CAS login code to include
> >
> >
> > cas.remember URL
> >
> > parameter which would instruct the filter to construct the token.
> >
> >
> >
> >
> >
> >
> >
> > That is great!
> >
> >
> >
> >
> >
> >
> > When are these changes scheduled to be performed?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Well, we're making these changes internally this week.   I am happy to
> >
> >
> > submit the code back to the community.  Can anyone on the team comment?
> >
> >
> >
> >
> >
> > Regards,
> >
> >
> > Alan
> >
> >
> >
> >
> >
> >
> >
> >
> > Alan D. Cabrera
> >
> >
> > VP Engineering
> >
> >
> > Simula Labs - The Open Source Venture Partners
> >
> >
> > p: +1 510 225 5588 f: +1 800 822 0471
> >
> >
> > alan at simulalabs.com www.simulalabs.com
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> >
> > cas-dev mailing list cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> >
> > cas-dev mailing list
> >
> > cas-dev at tp.its.yale.edu
> >
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> > Alan D. Cabrera
> >
> >
> > VP Engineering
> >
> >
> > Simula Labs - The Open Source Venture Partners
> >
> >
> > p: +1 510 225 5588 f: +1 800 822 0471
> >
> >
> > alan at simulalabs.com
> >
> > www.simulalabs.com
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> >
> > cas-dev mailing list
> >
> > cas-dev at tp.its.yale.edu
> >
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> > Alan D. Cabrera
> >
> >
> > VP Engineering
> >
> >
> > Simula Labs - The Open Source Venture Partners
> >
> >
> > p: +1 510 225 5588 f: +1 800 822 0471
> >
> >
> > alan at simulalabs.com
> >
> > www.simulalabs.com
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > cas-dev mailing list cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> >
> > _______________________________________________
> > cas-dev mailing list cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > cas-dev mailing list cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
> 
> 
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev

More information about the cas-dev mailing list