Hi,

Could it be that the thing you are looking for is described over here: http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration
The attachments show a possible solution. Anyway, I am starting to work on a solution for the problem described in the link above for my master's thesis.

Kind regards,
Johan Peeters

From: Ashima Goel
Sent: Wednesday, March 11, 2009 7:42 PM
To: [email protected]
Subject: Re: [cas-user] How to code following scenario in Cas-Server-3.3.1

Thanks for replying Marvin. I will take care of not posting a double post.

We were earlier using CAS2 and we did code this scenario in our implementation of CAS2. Now we are moving to CAS3 and want our CAS3 implementation to support everything our older implementation was able to do.

I understand that it is the responsibility of clients to use the attributes and enforce security responsibility. But since lots of different types of applications inside our university use CAS and then every app will have to code this requirement, and we are not willing to do this. So even if we can create a CAS extension to allow for centralized security policy enforcement then we will be interested in working on that.

Are there any examples or tutorials which I can refer to for creating such an extension to cas-server?

Thanks
Ashima

On Wed, Mar 11, 2009 at 10:56 AM, Marvin Addison <[email protected]> wrote:

> In cas-server-3.3.1 we need that when a user has successfully authenticated username and password then check for the values of 'tamuFlag'.
> If 'tamuFlag' has value 'passwordExpired' then do not login user and show error message that 'Login failed because your password has expired'.
> If 'tamuFlag' has value 'ssatExpired' then do not login user and show error message that 'Login failed because your Student Information Security Awareness training is due'.

CAS is an authentication system, not an authorization system. The design leaves all authorization decisions in the hands of clients. It is the responsibility of your clients to use the attributes above to enforce security responsibility.

That said, many have created CAS extensions to allow for centralized security policy enforcement. I believe CAS4 will have better support for this than CAS3, but I am fairly confident such features will always feel more like an extension than a core competency.

Hope that helps,
M

P.S. We kindly request that you not double post to cas-dev and cas-user. The sorts of questions you're asking are cas-user questions, and most folks that read cas-user are on cas-dev anyway.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
