Hi,

We decided to force users to log out as the "safest and simplest" solution for us.

Best regards,
Jérôme

2014/1/13 Michael Wechner <michael.wech...@wyona.com>

> Hi
>
> We have two services which a user has access to, whereas as login ID we
> use the email address of the user.
> Since the email address of a user can change, the user can change the
> email address inside the service as follows:
>
> - First the user signs in to the first service (service1) with
>   'o...@foo.bar' and changes his/her email inside this service to
>   'n...@foo.bar', but which means the email address will also be changed on
>   the backend/identity-management, BUT (currently) not inside CAS itself
>
> - The user decides to go to the other service (service2), but because
>   the user already has a valid session with CAS, he/she does not have to
>   provide the (new) credentials again, but the login request
>
>   https://my.cas/cas-server-webapp-3.5.2/login?service=https://service2/index.html
>
>   will return
>
>   <?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse
>   xmlns:cas="http://www.yale.edu/tp/cas">
>   <cas:authenticationSuccess>
>   <cas:user>o...@foo.bar</cas:user>
>
>   which means in the case of service2 the user is signed in with the old
>   username, which does not work anymore with the backend.
>
> My question is whether there are any recommended ways to handle such a
> situation? At the moment I can see the following possibilities:
>
> - Force logout after the user has changed the email address, and hence
>   user has to sign in again with new email address
> - Update the login ID inside CAS somehow (but I guess that's not
>   possible for security reasons)
> - Provide some mapping from old to new email address, such that during
>   the same session also the old email is still valid.
>
> I have been searching quite a bit for similar topics, but have not found
> anything really, hence any hints/feedback is much appreciated.
>
> Thanks
>
> Michael
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
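
The forced-logout option chosen in the reply, sketched from the service side as an added example (it is not part of the thread and not CAS project code): service1 sends the user to the CAS logout URL after the email change, and service2 rejects a validated principal the backend no longer knows. The Backend class, the example.org addresses, the service1 URL and the assumption that the CAS server redirects to the `service` parameter on logout are all hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://my.cas/cas-server-webapp-3.5.2"  # CAS URL from the thread
NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed validation response; the address is a placeholder, not from the thread.
STALE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>old.address@example.org</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def cas_user(response_xml):
    """Return the principal from a validation response, or None on failure."""
    root = ET.fromstring(response_xml)
    node = root.find("cas:authenticationSuccess/cas:user", NS)
    return node.text.strip() if node is not None and node.text else None


def logout_url(return_to):
    """CAS logout URL; redirecting back via `service` is an assumed server setting."""
    return CAS_BASE + "/logout?" + urlencode({"service": return_to})


class Backend:
    """Hypothetical identity store keyed by the current login ID (email)."""

    def __init__(self, emails):
        self.emails = set(emails)

    def change_email(self, old, new, return_to):
        """service1 side: rename the login ID, then end the SSO session."""
        self.emails.remove(old)
        self.emails.add(new)
        # The caller also drops its local session and redirects the browser here,
        # so CAS cannot vouch for the old login ID to any other service.
        return logout_url(return_to)


def authorize(response_xml, backend, return_to):
    """service2 side: accept the principal only if the backend still knows it."""
    user = cas_user(response_xml)
    if user is None:
        return ("denied", None)
    if user not in backend.emails:
        # Stale SSO session: CAS still asserts the pre-change login ID.
        return ("relogin", logout_url(return_to))
    return ("ok", user)
```

The check in authorize() is a fallback for sessions that survive the rename, for example when the redirect to the logout URL is never followed by the browser.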