On 9/27/07, Marat Radchenko <[EMAIL PROTECTED]> wrote:
>
> Well, of course client can directly query the directory. However it
> removes all usefulness of passing attributes via SAML response.

The point of the SAML response is to return basic information that can be used for simple authorization (i.e. University-wide roles) or to create a local account. It's not designed to replace a directory service.

Having the CAS server notify clients when attributes change is not something that the CAS server will currently support and I'm not sure it ever will (unless there is some huge push for it). It's much more efficient for applications to query an LDAP server when they feel they need refreshed information instead of CAS determining how often to notify a service and send that data to every service that still has a valid session.

Again, we're not attempting to make CAS a full-fledged replacement for a directory service. It's not currently designed to handle that.

-Scott

> I suggest this behavior:
> During user session CAS stores urls of all services that were given
> service tickets (these urls are used in single sign out).
>
> Maybe they could also be used when user details on CAS are updated.
> Everything that is required is to make up xml message format and parse
> it on service side (all required client infrastructure will already be
> created in implementation of client single sign out support).
>
> 2007/9/27, Scott Battaglia <[EMAIL PROTECTED]>:
> > Marat,
> >
> > Currently the design is that the CAS server sends the attributes to the CAS
> > client. CAS clients cache the results. If a CAS client needs to check
> > frequently for changes he may be best served by directly querying the
> > directory.
> >
> > Please share your thoughts and ideas though, that's what these lists are for
> > :-)
> >
> > -Scott
> >
> > On 9/26/07, Marat Radchenko < [EMAIL PROTECTED]> wrote:
> > >
> > > Hi everyone!
> > >
> > > We are planning to use CAS with SAML response and came upon this question:
> > > Will CAS and client library support attribute changes during user
> > > session?
> > > We've got such a case and need to understand whether upcoming
> > > SAML client will address this issue or we will have to invent some
> > > mechanism for doing that. If such feature is planned in new client
> > > then we could join its development in order to speed it up.
> > > Additionally, I've got some ideas about how it could be implemented
> > > and if you are interested in them then I can post them to this ML.
> > >
> > > --
> > > Marat Radchenko,
> > > Dev Lead at Pronto-Moscow
> > > _______________________________________________
> > > Yale CAS mailing list
> > > [email protected]
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia

--
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
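The design discussed in this thread (the client caches the attributes from the SAML response and queries the directory itself when it wants fresher data) can be sketched as below. This is an added example, not part of the original messages and not CAS or CAS client code; `AttributeCache`, `DirectoryUnavailable`, the `lookup` callable (standing in for an LDAP query), the role names and the 300-second maximum age are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

class DirectoryUnavailable(Exception):
    """Raised by the lookup callable when the directory cannot be reached."""

@dataclass(frozen=True)
class CachedAttributes:
    roles: frozenset
    fetched_at: float

class AttributeCache:
    """Client-side cache: seeded at login, refreshed from the directory."""
    def __init__(self, lookup, max_age, clock=time.monotonic):
        self._lookup = lookup    # hypothetical: user -> iterable of roles
        self._max_age = max_age  # seconds a cached entry may be trusted
        self._clock = clock
        self._entries = {}

    def seed_from_saml(self, user, roles):
        """Store the attributes delivered in the SAML response at login."""
        self._entries[user] = CachedAttributes(frozenset(roles), self._clock())

    def roles(self, user):
        entry = self._entries.get(user)
        if entry is None:
            return frozenset()   # no session, so no roles
        if self._clock() - entry.fetched_at >= self._max_age:
            try:
                fresh = frozenset(self._lookup(user))
            except DirectoryUnavailable:
                # Fail closed: a stale entry must not keep authorizing.
                del self._entries[user]
                return frozenset()
            entry = CachedAttributes(fresh, self._clock())
            self._entries[user] = entry
        return entry.roles

    def is_authorized(self, user, role):
        return role in self.roles(user)

def demo():
    now = [0.0]                                  # fake clock for the demo
    directory = {"marat": {"staff", "admin"}}    # constructed sample data
    cache = AttributeCache(lambda u: directory[u], 300, clock=lambda: now[0])
    cache.seed_from_saml("marat", directory["marat"])
    directory["marat"] = {"staff"}               # admin revoked mid-session
    now[0] = 60.0
    before = cache.is_authorized("marat", "admin")   # served from cache
    now[0] = 301.0
    after = cache.is_authorized("marat", "admin")    # refreshed from directory
    return [before, after]
```

The maximum age is the window during which a revoked role is still honoured by the service, so it should be chosen per application according to how sensitive the role is.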
