Thinking more I still don't think this will work. What I am seeing is that the SAML Ticket will only be validated on the first request, so this won't work either. Seems like wherever I managed my users I would need to implement some type of revoked user service which a custom filter in each web application could use to lookup if a user was revoked or not. Is there a better approach for handling situations like this?
On Wed, May 16, 2012 at 4:31 PM, Jamie Johnson <jej2...@gmail.com> wrote: > We currently are using CAS and Spring Security to secure several > applications and have been asked by our customer to investigate how we > can support revoking a users access and having that take effect > immediately. Is there a way to do this in CAS? My first thought was > to add a SAML Ticket Validator and a custom SAML Attribute Repository > which would have the most up to date roles/access controls. Is this > appropriate? Is there a better way to handle this? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
