[cas-dev] Rationale for preventing access to services associated with a TGT

Andrew Ralph Feller, afelle1 afelle1 at lsu.edu
Tue Oct 21 15:51:48 EDT 2008


Scott,

Gotcha.  I ask because I am working on some ticket registry views for our
administrators to see who is logged in, what services they have been to, and
other types of information.  On one of the screens, I am viewing a TGT and
want to see what services the user has been authenticated to use.

Since there aren't any security concerns for providing access to this
information, I will file a JIRA issue for CAS 3.4 / 4 to see this gets
included.

Thanks,
Andrew


On 10/21/08 2:37 PM, "Scott Battaglia" <scott.battaglia at gmail.com> wrote:

> The reason is that CAS doesn't keep track of Services (I slightly lie there
> because obviously we keep track of them for single log out purposes, but
> that's it).  It's only concerned about the creation, validation, and
> destruction of tickets.  Once a ticket is "used" we don't care about it
> anymore, thus you can never obtain a list of STs from a TGT.
> 
> -Scot
> 
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> 
> 
> On Tue, Oct 21, 2008 at 3:18 PM, Andrew Ralph Feller, afelle1
> <afelle1 at lsu.edu> wrote:
>> Is there any particular reason why the services associated with a TGT are not
>> exposed directly from the TGT interface?  I'm sure the need never came up as
>> it is possible to iterate over the ticket registry and determine which
>> tickets are service tickets and what TGT they are associated with.
>> 
>> Thanks,
>> Andrew

-- 
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
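
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not CAS code: a simplified Python model of a ticket registry in which service tickets are dropped once validated, showing why a registry scan for a TGT's services only sees outstanding STs while the single log out record sees all of them. The class, method names, and sample URLs are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Ticket:
    id: str
    principal: str
    granting_ticket_id: Optional[str] = None  # None means this is a TGT
    service: Optional[str] = None             # set only on service tickets


class ToyTicketRegistry:
    """Simplified model (assumption): STs are one-time use, dropped once validated."""

    def __init__(self) -> None:
        self.tickets: Dict[str, Ticket] = {}
        # Per-TGT record kept only so single log out can notify services.
        self.logout_targets: Dict[str, List[str]] = {}

    def create_tgt(self, principal: str) -> str:
        tgt = Ticket(id="TGT-" + secrets.token_hex(8), principal=principal)
        self.tickets[tgt.id] = tgt
        self.logout_targets[tgt.id] = []
        return tgt.id

    def grant_st(self, tgt_id: str, service: str) -> str:
        tgt = self.tickets[tgt_id]
        st = Ticket("ST-" + secrets.token_hex(8), tgt.principal, tgt_id, service)
        self.tickets[st.id] = st
        self.logout_targets[tgt_id].append(service)
        return st.id

    def validate_st(self, st_id: str, service: str) -> bool:
        # A used (or unknown) ticket is gone; pop enforces one-time use.
        st = self.tickets.pop(st_id, None)
        return st is not None and st.service == service

    def services_by_scan(self, tgt_id: str) -> List[str]:
        # The registry walk from the original question: only outstanding STs.
        return sorted(t.service for t in self.tickets.values()
                      if t.granting_ticket_id == tgt_id)

    def services_by_logout_record(self, tgt_id: str) -> List[str]:
        # What an administrator view would need: every service the TGT was used for.
        return sorted(self.logout_targets.get(tgt_id, []))
```

An administrator view built on `services_by_scan` would under-report as soon as a service validates its ticket, which is the gap the thread is about.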
