Thanks Johan, and yes, this problem does reflect what I am looking for, but still they do not discuss the details of how to implement it. Which attachment are you referring to?

Thanks
Ashima

On Wed, Mar 11, 2009 at 11:58 AM, Johan Peeters <[email protected]> wrote:

> Hi,
>
> Could it be that the thing you are looking for is described over here:
> http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration
>
> the attachments show a possible solution.
>
> Anyway, I am starting to work on a solution for the problem described in
> the link above for my master's thesis.
>
> Kind regards,
> Johan Peeters
>
> *From:* Ashima Goel <[email protected]>
> *Sent:* Wednesday, March 11, 2009 7:42 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] How to code following scenario in Cas-Server-3.3.1
>
> Thanks for replying Marvin. I will take care of not posting a double post.
>
> We were earlier using CAS2 and we did code this scenario in our
> implementation of CAS2. Now we are moving to CAS3 and want our CAS3
> implementation to support everything our older implementation was able to
> do.
>
> I understand that it is the responsibility of clients to use the attributes
> and enforce security responsibility. But since lots of different types of
> applications inside our university use CAS and then every app will have to
> code this requirement, and we are not willing to do this.
> So even if we can create a CAS extension to allow for centralized security
> policy enforcement then we will be interested in working on that.
> Are there any examples or tutorials which I can refer to for creating such
> an extension to cas-server?
>
> Thanks
> Ashima
>
> On Wed, Mar 11, 2009 at 10:56 AM, Marvin Addison <[email protected]> wrote:
>
>> > In cas-server-3.3.1 we need that when a user has successfully
>> > authenticated username and password then check for the values of
>> > 'tamuFlag'.
>> > If 'tamuFlag' has value 'passwordExpired' then do not login user and
>> > show error message that 'Login failed because your password has expired'.
>> > If 'tamuFlag' has value 'ssatExpired' then do not login user and show
>> > error message that 'Login failed because your Student Information Security
>> > Awareness training is due'.
>>
>> CAS is an authentication system, not an authorization system. The
>> design leaves all authorization decisions in the hands of clients. It
>> is the responsibility of your clients to use the attributes above to
>> enforce security responsibility.
>>
>> That said, many have created CAS extensions to allow for centralized
>> security policy enforcement. I believe CAS4 will have better support
>> for this than CAS3, but I am fairly confident such features will
>> always feel more like an extension than a core competency.
>>
>> Hope that helps,
>> M
>>
>> P.S. We kindly request that you not double post to cas-dev and
>> cas-user. The sorts of questions you're asking are cas-user
>> questions, and most folks that read cas-user are on cas-dev anyway.
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
