It seems to me that the right solution to this problem is to add an option for CAS set the CONST_CAS_ASSERTION attribute in the Session to indicate a Gatewayed login, just as it saves the principal today. Then the user will be considered anonymous by the Java CAS client for the lifetime of the session.
david From: Michaël REMOND [mailto:michaelrem...@gmail.com] Sent: Thursday, April 24, 2014 5:38 AM To: cas-dev@lists.jasig.org Subject: [cas-dev] [CAS Client] performance with gateway feature Hello all, I want to discuss with you the thoughts Jérôme Leleu and I had on the implementation of the gateway feature in the Java CAS Client. The current implementation of the gateway feature works as following: - There is a unique boolean "gateway" in the AuthenticationFilter indicating if the gateway feature is activated or not for the whole webapp - If the user is not already locally authenticated and gateway is activated, we redirect to the CAS server with the gateway parameter; we use the gatewayResolver to not falling in a loop - We come back from the CAS server and are locally authenticated or stay anonymous I think we got a performance problem here if the user does not have a SSO session because every single request will imply a gateway redirection to the CAS server. I think it would be better if the GatewayResolver could be fine tuned i.e. instead of just holding the fact that we tried a gateway redirection, we could save the date of the last gateway attempt and retry after xx seconds. This parameter could be of course customized by the application developers. What do you think? Is this optimization relevant? I am ready to submit a pull request if we agree on this enhancement, Any discussions welcome, Regards, Michaël REMOND -- You are currently subscribed to cas-dev@lists.jasig.org<mailto:cas-dev@lists.jasig.org> as: david.oh...@emc.com<mailto:david.oh...@emc.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
