My interpretation was that a user was supposed to only be able to use one ip-adress at any one time, not forever. Hence, existing, valid TGT:s from other ip-addresses are expired, no need to keep expired TGT:s. Or am I missing something?
Regards, /Fredrik -----Original Message----- From: jleleu [mailto:lel...@gmail.com] Sent: den 5 september 2012 09:21 To: cas-dev@lists.jasig.org Subject: re:[cas-dev] Offering a couple solutions Hi, For the first issue, I understand you want to check IP address between SSO sessions for the same user (does the user use the same IP address as in its previous SSO session ?). It means you need to keep expired TGTs : how that can be possible as ticket registries are associated to mechanims to clean old tickets. What about the performance impact of keeping old TGTs ? At first, reading quickly your post, I thought you want to check on IP address in the *same* SSO session, meaning : I log in with a certain IP, then every time I access a service, I want to be sure to use the same IP, otherwise I have to re-authenticate. It makes more sense to me, doesn't it ? For your second issue, we had exactly the same need : extend the SSO session by "following" the webapp session and we had a close solution. Even if it works, I'm wondering if using the REST API woudln't be a best solution [1] ? Best regards, Jérôme [1] : https://wiki.jasig.org/display/CASUM/RESTful+API -- You are currently subscribed to cas-dev@lists.jasig.org as: f...@kth.se To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
