Thanks, Marvin. A lot of reading ahead, but I will keep the community posted. And I'll keep on asking if stuck.
--- On Wed, 2012/2/15, Marvin S. Addison <marvin.addi...@gmail.com> wrote: > I want to modify login-webflow so that when a local user tries to access a > CAS protected service, the standard resolver (1) is called. But when a user > has already been authenticated in another server (I have been calling this one a "parentCAS server"), I want to call the modified resolver (2). I would like to clarify that resolvers are only called at authentication time, so simply accessing a CAS-protected resource won't trigger resolvers unless the user is unauthenticated. As for triggering the right resolver, I really can't provide any further guidance. You're in an advanced use case where your needs aren't met by existing components. I'd recommend you consider request/response headers, cookies, and custom request parameters as tools that may help you accomplish your objective. It's also vitally important that any mechanism you develop does not trust any data provided by the user/browser in any fashion; you could use either encryption or digital signatures to overcome message integrity issues. In any case you will likely need to build several components and integrate them into the Spring context and also likely the Spring Web flow. Best of luck on you're adventure. M -- You are currently subscribed to cas-user@lists.jasig.org as: s4...@yahoo.co.jp To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
