Clifford, renew=true cannot be enforced from the AuthenticationHandler:
1. If a TGT session exists and renew=true is not set, then CAS will never contact the Authentication Handlers. 2. An AuthenticationHandler does not have access to the Request object by default 3. Regardless of what happens on the server side, the client needs to send "renew=true" on the validation to actually enforce the renew=true. If your user removes renew=true from the login url but its on the validation url, then the ticket validation will fail. -Scott On 10/3/07, Clifford Bryant <[EMAIL PROTECTED]> wrote: > > Is there some way in CAS to force the renew=true option from the > AuthenticationHandler? In our case, we don't know until the user is > authenticated whether they are in a certain role or not. (The username and > password of these other users is in a different database table.) If they > are in this particular role, then they should not be permitted SSO > privileges. And, the renew=true parameter should be added to the query > string. > > > > We want to append renew=true to the query string for ticket validation. > We want to avoid the situation where the user removes the "renew=true" > parameter from the URL, when attempting to access the application. The > AuthenticationHandler doesn't have access to the request or response > objects. > > > > Clifford Bryant, Senior Developer > > Edgewater Technology, Inc. > > ------------------------------------------------------------- > > 20 Harvard Mill Square > > Wakefield, MA 01880 > > Direct (: 781.213.9885 > > Cell (: 617.417.6704 > > Fax 6: 781.246.5903 > > *: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > > ΓΌ: www.edgewater.com > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
