[cas-dev] Central Identity Service (CIS)

Scott Battaglia scott.battaglia at gmail.com
Mon Jan 8 13:23:58 EST 2007 

The first step would be for us to concretely document (preferably in Wiki)
exactly what we want/need/desire.  Once we know our use cases and
requirements we can more easily see how it fits into the current CAS
architecture and what modifications, if any, would be needed.

-Scott



On 12/23/06, Velpi <velpi at industria.be> wrote:
>
> > Third, I was thinking of creating a
> > StoredProcedureDatabaseAuthenticationHandler.java
> > The stored procedure could return:
> >       - 1  authenticateUsernamePasswordInternal returns true
> >       - 2  authenticateUsernamePasswordInternal returns false
> >       - 4  BlockedCredentialsAuthenticationException is thrown
> >       - 8  ExpiredPasswordAuthenticationException is thrown
> >       else UncategorizedAuthenticationException is thrown
>
> --------
> > We currently check some particular exceptions returned by LDAP and AD
> when
> > password is expired (in fact for AD we also check some other particular
> > exceptions : account disabled, locked, ect...).
> --------
>
> So there is some interest in this functionality and we have community
> knowledge for LDAP, AD and JDBC based implementations. At least two
> people here think it's a good idea to combine our efforts. Is the CAS
> project interested to adopt this?
>
> First thing we need to agree on: Should this be an advanced
> authenticationHandler (1) or should it be a separate action (2) that can
> be configured in the webflow (eg warnAction) or some other bright idea?
>
> (1) it may be useful to have a new base class that extends the
> AbstractUsernamePasswordAuthenticationHandler. But then we would be
> missing out on the x509 and SPNEGO checks. We'll need to use Exception
> handling to present the user with different views.
> (2) we need a common base class(es) that uses pluggable implementations
>
> I vote for a new action because it is far more flexible. It can easily
> be used in combination with x509 or SPNEGO (I can provide some code for
> that).
> Thoughts?
>
>
> --
> /---------------------------------------------
> | Jan "Velpi" Van der Velpen
> | Velpi at industria.be || +32 (0) 498 61 24 89
> \---------------------------------------------
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070108/f0cab86f/attachment.html

More information about the cas-dev mailing list