I see, thanks. Will take a closer look at directory services.

2007/9/27, Scott Battaglia <[EMAIL PROTECTED]>:
> On 9/27/07, Marat Radchenko <[EMAIL PROTECTED]> wrote:
> > Well, of course client can directly query the directory. However it
> > removes all usefulness of passing attributes via SAML response.
>
> The point of the SAML response is to return basic information that can be
> used for simple authorization (i.e. University-wide roles) or to create a
> local account. It's not designed to replace a directory service.
>
> Having the CAS server notify clients when attributes change is not something
> that the CAS server will currently support and I'm not sure it ever will
> (unless there is some huge push for it). It's much more efficient for
> applications to query an LDAP server when they feel they need refreshed
> information instead of CAS determining how often to notify a service and
> send that data to every service that still has a valid session.
>
> Again, we're not attempting to make CAS a full-fledged replacement for a
> directory service. It's not currently designed to handle that.
>
> -Scott
>
> > I suggest this behavior:
> > During user session CAS stores urls of all services that were given
> > service tickets (these urls are used in single sign out).
> >
> > Maybe they could also be used when user details on CAS are updated.
> > Everything that is required is to make up xml message format and parse
> > it on service side (all required client infrastructure will already be
> > created in implementation of client single sign out support).
> >
> > 2007/9/27, Scott Battaglia <[EMAIL PROTECTED]>:
> > > Marat,
> > >
> > > Currently the design is that the CAS server sends the attributes to the CAS
> > > client. CAS clients cache the results. If a CAS client needs to check
> > > frequently for changes he may be best served by directly querying the
> > > directory.
> > >
> > > Please share your thoughts and ideas though, that's what these lists are for
> > > :-)
> > >
> > > -Scott
> > >
> > > On 9/26/07, Marat Radchenko <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Hi everyone!
> > > >
> > > > We are planning to use CAS with SAML response and came upon this question:
> > > > Will CAS and client library support attribute changes during user
> > > > session? We've got such case and need to understand whether upcoming
> > > > SAML client will address this issue or we will have to invent some
> > > > mechanism for doing that. If such feature is planned in new client
> > > > then we could join its development in order to speed it up.
> > > > Additionally, I've got some ideas about how it could be implemented
> > > > and if you are interested in them then I can post them to this ML.
> > > >
> > > > --
> > > > Marat Radchenko,
> > > > Dev Lead at Pronto-Moscow
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > [email protected]
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > > --
> > > -Scott Battaglia
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
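
The client-side pattern described in the thread (keep the attributes delivered in the SAML response, and query the directory when fresher data is needed), as an added example that is not part of the thread or of any CAS client. `SessionAttributes`, `lookup`, `max_age` and the sample user are hypothetical names, and `lookup` stands in for a real LDAP search.

```python
import time

class DirectoryUnavailable(Exception):
    """Raised by the (hypothetical) directory lookup when it cannot be reached."""

class SessionAttributes:
    """Per-session attribute snapshot, seeded from the SAML response at login."""
    def __init__(self, user, saml_attrs, lookup, max_age=300, clock=time.monotonic):
        self.user = user
        self._attrs = dict(saml_attrs)   # snapshot taken at ticket validation
        self._lookup = lookup            # callable(user) -> dict of attributes
        self._max_age = max_age          # seconds a snapshot is trusted for
        self._clock = clock
        self._fetched = clock()

    def has_role(self, role, sensitive=False):
        """Sensitive checks refresh a stale snapshot; other checks use the cache."""
        stale = self._clock() - self._fetched > self._max_age
        if sensitive and stale:
            try:
                self._attrs = dict(self._lookup(self.user))
                self._fetched = self._clock()
            except DirectoryUnavailable:
                return False             # fail closed rather than trust old roles
        return role in self._attrs.get("roles", ())

def demo():
    """Constructed scenario: 'admin' is revoked in the directory mid-session."""
    now = [0.0]
    directory = {"alice": {"roles": ["staff", "admin"]}}   # constructed data
    state = {"up": True}
    def lookup(user):
        if not state["up"]:
            raise DirectoryUnavailable(user)
        return directory[user]
    s = SessionAttributes("alice", {"roles": ["staff", "admin"]}, lookup,
                          max_age=300, clock=lambda: now[0])
    directory["alice"] = {"roles": ["staff"]}        # role revoked after login
    out = [s.has_role("admin", sensitive=True)]      # snapshot still within max_age
    now[0] = 301
    out.append(s.has_role("admin"))                  # non-sensitive: stale cache used
    out.append(s.has_role("admin", sensitive=True))  # refreshed from the directory
    state["up"] = False; now[0] = 700
    out.append(s.has_role("staff", sensitive=True))  # directory down: denied
    return out
```

The first two results in `demo()` show the window in which a revoked role is still honoured, which is bounded by `max_age` only for checks marked sensitive.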
