Thanks Bill, this was very helpful.  I will take a look at Apache
Shiro and see if this will meet my needs.

On Wed, May 16, 2012 at 5:10 PM, William G. Thompson, Jr.
<wgt...@gmail.com> wrote:
> Jamie,
>
>> ...can support revoking a user's access and having that take effect
>> immediately.  Is there a way to do this in CAS?
>
> That somewhat depends on what "take effect immediately" means.  There
> is code in the community to do ABAC at the CAS server (there will be a
> presentation on this at Jasig in June).   So a tweak to an LDAP
> attribute would "immediately" prevent further Service Tickets (i.e.
> access) from being vended to the application in question for that
> particular user.
>
> However, CAS is not an application session manager, so an already
> in-flight application session would not be affected.
>
> Apache Shiro claims to support this behavior and might be an option for
> Java-based applications.  Shiro also has some support for CAS.
>
> http://shiro.apache.org/
>
> Best,
> Bill
>
>
>
> On Wed, May 16, 2012 at 4:31 PM, Jamie Johnson <jej2...@gmail.com> wrote:
>> We currently are using CAS and Spring Security to secure several
>> applications and have been asked by our customer to investigate how we
>> can support revoking a user's access and having that take effect
>> immediately.  Is there a way to do this in CAS?  My first thought was
>> to add a SAML Ticket Validator and a custom SAML Attribute Repository
>> which would have the most up to date roles/access controls.  Is this
>> appropriate?  Is there a better way to handle this?
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: wgt...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user

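The gap Bill describes in the thread above (revoking an attribute stops new Service Tickets but leaves an in-flight application session untouched), modelled as an added example that is not part of the original thread and is not CAS, Spring Security or Shiro code. All class and method names and the sample user are hypothetical; an in-memory set stands in for the LDAP attribute.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Constructed model of the SSO server / application session split. */
public class RevocationDemo {
    // Stand-in for the directory attribute the SSO server consults (assumption).
    static final Set<String> entitled = ConcurrentHashMap.newKeySet();
    // Application-side sessions: session id -> username.
    static final Map<String, String> sessions = new ConcurrentHashMap<>();

    /** SSO side: a service ticket is vended only while the user is entitled. */
    static Optional<String> issueServiceTicket(String user) {
        return entitled.contains(user)
                ? Optional.of("ST-" + UUID.randomUUID()) : Optional.empty();
    }

    /** Application side: the ticket is exchanged once for a local session. */
    static String login(String user) {
        issueServiceTicket(user).orElseThrow(() -> new SecurityException("no ticket"));
        String sid = UUID.randomUUID().toString();
        sessions.put(sid, user);
        return sid;
    }

    /** Session-only check: the SSO server is never consulted again. */
    static boolean allowSessionOnly(String sid) {
        return sessions.containsKey(sid);
    }

    /** Per-request check: re-reads the entitlement and drops a revoked session. */
    static boolean allowWithRecheck(String sid) {
        String user = sessions.get(sid);
        if (user == null) return false;
        if (!entitled.contains(user)) {
            sessions.remove(sid);   // invalidate so later requests fail as well
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        entitled.add("alice");                    // constructed sample user
        String sid = login("alice");
        entitled.remove("alice");                 // access revoked at the directory
        System.out.println("new ticket issued:     " + issueServiceTicket("alice").isPresent());
        System.out.println("session-only check:    " + allowSessionOnly(sid));
        System.out.println("per-request recheck:   " + allowWithRecheck(sid));
        System.out.println("session after recheck: " + allowSessionOnly(sid));
    }
}
```

The per-request lookup is what makes revocation take effect within one request; its cost is a directory or cache read on every call, so the freshness of that source bounds how "immediate" the revocation is.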