Force renew=true for Specific Users

Scott Battaglia scott.battaglia at gmail.com
Thu Oct 4 14:08:36 EDT 2007


Clifford,

renew=true cannot be enforced from the AuthenticationHandler:

1.  If a TGT session exists and renew=true is not set, then CAS will never
contact the Authentication Handlers.
2.  An AuthenticationHandler does not have access to the Request object by
default.
3.  Regardless of what happens on the server side, the client needs to send
"renew=true" on the validation to actually enforce the renew=true.

If your user removes renew=true from the login URL but it's on the validation
URL, then the ticket validation will fail.

-Scott


On 10/3/07, Clifford Bryant <CBryant at edgewater.com> wrote:
>
>  Is there some way in CAS to force the renew=true option from the
> AuthenticationHandler?  In our case, we don't know until the user is
> authenticated whether they are in a certain role or not.  (The usernames and
> passwords of these other users are in a different database table.)  If they
> are in this particular role, then they should not be permitted SSO
> privileges.  And, the renew=true parameter should be added to the query
> string.
>
>
>
> We want to append renew=true to the query string for ticket validation.
> We want to avoid the situation where the user removes the "renew=true"
> parameter from the URL, when attempting to access the application.  The
> AuthenticationHandler doesn't have access to the request or response
> objects.
>
>
>
> Clifford Bryant, Senior Developer
>
> Edgewater Technology, Inc.


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
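
Added example, not part of the original thread and not CAS project code: a toy model of the rule described in points 1 and 3 above, showing why a service ticket obtained through SSO fails validation once the application sends renew=true. ToyCasServer, validation_url, validated_user and the example.org URLs are hypothetical names; only the /serviceValidate endpoint, its parameters and the response XML shape follow the CAS 2.0 protocol, and the application is assumed to send renew=true on every validation.

```python
"""Toy model of CAS renew handling (constructed; not CAS server code)."""
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlencode
from xml.sax.saxutils import escape

NS = {"cas": "http://www.yale.edu/tp/cas"}

class ToyCasServer:
    """Models only the rule discussed: a ticket remembers how it was issued."""
    def __init__(self):
        self._tickets = {}  # ticket -> (user, service, from_credentials)

    def login(self, user, service, has_tgt, renew):
        # With a TGT and no renew, credentials (and handlers) are skipped.
        from_credentials = renew or not has_tgt
        ticket = "ST-" + secrets.token_hex(8)
        self._tickets[ticket] = (user, service, from_credentials)
        return ticket

    def service_validate(self, service, ticket, renew=False):
        # Tickets are single use; an unknown ticket is treated as invalid.
        user, issued_for, fresh = self._tickets.pop(ticket, (None, None, False))
        ok = user is not None and issued_for == service and (fresh or not renew)
        body = (f"<cas:authenticationSuccess><cas:user>{escape(user)}</cas:user>"
                "</cas:authenticationSuccess>" if ok
                else '<cas:authenticationFailure code="INVALID_TICKET"/>')
        return f'<cas:serviceResponse xmlns:cas="{NS["cas"]}">{body}</cas:serviceResponse>'

def validation_url(cas_base, service, ticket):
    """Client side: renew=true is always sent, independent of the login URL."""
    query = urlencode({"service": service, "ticket": ticket, "renew": "true"})
    return f"{cas_base}/serviceValidate?{query}"

def validated_user(xml_text):
    """Return the user name on authenticationSuccess, else None."""
    node = ET.fromstring(xml_text).find("cas:authenticationSuccess/cas:user", NS)
    return None if node is None else node.text

def demo():
    cas, svc = ToyCasServer(), "https://app.example.org/"
    # The user stripped renew=true from the login URL and rode the existing TGT.
    sso = cas.login("alice", svc, has_tgt=True, renew=False)
    # The user was made to present credentials again.
    fresh = cas.login("alice", svc, has_tgt=True, renew=True)
    return (validated_user(cas.service_validate(svc, sso, renew=True)),
            validated_user(cas.service_validate(svc, fresh, renew=True)))
```

The enforcement point is the application's validation call: the login URL is under the user's control, the back-channel validation request is not.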