AuthenticationMetaDataPopulators can provide any data. However, the data placed there is typically only exposed in a way that allows it to be used when interacting with services via back-channels. Therefore, typical usage is meta data attributes about the authentication that are useful to the services.
The proposed CAS4 API supports return information that is useful to the user.

Cheers,
Scott

On Mon, Oct 17, 2011 at 4:04 PM, Odilo Oehmichen <odilo.oehmic...@gmail.com> wrote:

>
> On Oct 17, 2011, at 15:27 PM, Marvin Addison wrote:
>
> >> Why not implement an AuthenticationMetaDataPopulator (https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/authentication/AuthenticationMetaDataPopulator.java) which performs the check and adds its results to the Authentication-object?
> >> Aren't these meta-data?
> >
> > Yes, but why would any service care that the password is pending
> > expiration? Authentication of user credentials is a concern of the
> > CAS server alone;
> I absolutely agree.
>
> > as such passing "your password is about to expire"
> > around to services is contrary to that model.
> I didn't intend to pass this information to services.
>
> > Contrast that with a
> > good use case for AuthenticationMetaDataPopulator, where it is used to
> > indicate credential strength or level of identity assurance, which
> > absolutely _should_ be a concern of services in an environment where
> > multiple authentication credentials are supported. The details of
> > those credentials, e.g. pending expiration, are wholly outside the
> > concern of services.
>
> So an AuthenticationMetaDataPopulator provides authentication attributes
> which are only important for services?
>
> Reading the javadoc of the AuthenticationMetaDataPopulator it says
> "An extension point to the Authentication process that allows CAS to
> provide additional attributes related to the overall Authentication..."
> For me an attribute indicating that the password will expire is related to
> the overall authentication and should be read during authentication (which
> is performed by the AuthenticationManager).
>
> But perhaps I misunderstand the purpose of an AuthenticationMetaDataPopulator.
>
> cheers
> odilo
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as:
> scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
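
The use case Marvin describes above (credential strength as authentication metadata that services consume) as an added example; it is not code from this thread or from the CAS project. It assumes the CAS 3.x interface method `populateAttributes(Authentication, Credentials)` and an attribute map that is still mutable when populators run; the class name, attribute name and strength labels are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationMetaDataPopulator;
import org.jasig.cas.authentication.principal.Credentials;

/**
 * Added example (not CAS project code): publishes the strength of the
 * credential that was presented, so services can make assurance decisions.
 * It deliberately exposes nothing about the credential itself, such as a
 * pending password expiration.
 */
public final class CredentialStrengthMetaDataPopulator
        implements AuthenticationMetaDataPopulator {

    /** Hypothetical attribute name; agree on it with your services. */
    public static final String ATTRIBUTE_NAME = "credentialStrength";

    /** Credential type -> strength label, checked in insertion order. */
    private final Map<Class<? extends Credentials>, String> strengthByType;

    /** Label used when no configured type matches (the weakest level). */
    private final String weakestStrength;

    public CredentialStrengthMetaDataPopulator(
            final Map<Class<? extends Credentials>, String> strengthByType,
            final String weakestStrength) {
        this.strengthByType =
            new LinkedHashMap<Class<? extends Credentials>, String>(strengthByType);
        this.weakestStrength = weakestStrength;
    }

    public Authentication populateAttributes(final Authentication authentication,
            final Credentials credentials) {
        String strength = this.weakestStrength;
        for (final Map.Entry<Class<? extends Credentials>, String> e
                : this.strengthByType.entrySet()) {
            if (e.getKey().isInstance(credentials)) {
                strength = e.getValue();
                break;
            }
        }
        // Unknown credential types fall through to the weakest label, so a
        // service is never told the login was stronger than it was.
        authentication.getAttributes().put(ATTRIBUTE_NAME, strength);
        return authentication;
    }
}
```

Pass the type-to-label map in most-specific-first order, since the first matching credential type wins.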