distinguish between new authentication and existing auth
Scott Battaglia
scott.battaglia at gmail.com
Wed Mar 14 23:11:08 EDT 2007
Carlos,
Currently the CAS 2 protocol does not explicitly return the value. You have
two options:
1. If you have made a decision about enforcing the renew=true, then you can
send the renew=true parameter along with your validation and a successful
validation response will only be returned if its from a new authentication.
2. If you just want to know for informational purposes, then you would have
to modify the JSPs that create the response to include an additional XML
attribute that specifies whether renew=true. You'd have to modify the client
to understand this.
-Scott
On 3/14/07, Carlos.Fernandez at usitc.gov <Carlos.Fernandez at usitc.gov> wrote:
>
> I am sorry if this is has been asked and answered a few times on the
> board already. SSO/CAS terminology is a little new to me.
>
> When a web application validates a ticket with CAS, is it possible to
> determine if this ticket was generated from a new primary authentication
> (e.g. user just interacted with the CAS server login form) or the result
> of an existing SSO authentication (e.g. user logged in 30 minutes ago
> with CAS)?
>
> I only know enough about spring webFlow to be dangerous, but I can see
> how I can step into a few of these places to determine if a successful
> login submission has occurred or if CAS is relying on a prior ticket.
> But that seems painful.
>
> Carlos
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070314/e0a2246b/attachment.html
More information about the cas
mailing list