Scott et al,
I think I may have solved my problem with the IP address at least in theory. Since I will know the username and the IP of the request in the HttpRequestEvent, I can simply update the registry with this information, but indicate that status of the authentication attempt is unknown. Then I can update the record as status=Authenticated once I get the AuthenticationEvent. Then finally, I can update the registry again when the Ticket Granting Ticket and each Service Ticket is issued. The downside is that multiple web service calls to my registry will be required to assemble the data piecemeal, but it avoids the need to modify CAS in any way. I will just have to make the client API to my registry smart enough to list only the relevant users and associated information (e.g. only those users who have been authenticated OR those users who have been issued a service ticket for a particular service). Does this sound reasonable? Is there anything about the event handling mechanisms that might cause this not to work as I expect or influence the implementation (e.g. what order are the events fired in)? Thanks again. Bill Bailey Senior Developer / DBA Northland, A Church Distributed
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
