Maybe I didn't explain well enough.
In casLoginView.jsp, I use:
... http://server/${pageContext.request.locale}/password/recover ,
which will always return the installation locale of the browser (in my cas
fr_FR),
even if I call the cas login page with the variable &locale=en .
Is there a way
Perhaps have a look at the "Python REST Client Example - Spring Security
Server" example in the link below, Spring security does things a little
differently as noted here.
https://wiki.jasig.org/display/CASUM/RESTful+API
--
You are currently subscribed to cas-dev@lists.jasig.org as:
arch...@m
On Sep 5, 2012, at 9:03 AM, jleleu wrote:
> 1) I see the use case (switching from desktop to laptop). What's the real
> objective ? To enforce security : to avoid using the same account from two
> different locations, the last IP (location) used to authenticate prevents the
> re-use of a previ
> And here the logs of execution:
>
> https://gpk-nmtg-cpo06/SSO/v1/tickets/TGT-49-3bQmXFRxXCFEhDe90fLSSsQ52Aw01UmGwSf7fgcajHegdY03gB-cas
> Tgt is : TGT-49-3bQmXFRxXCFEhDe90fLSSsQ52Aw01UmGwSf7fgcajHegdY03gB-cas
> Service url is :
> service=https%3A%2F%2Fgpk-nmtg-cpo06%3A443%2FOpticalPortal%2Fservi
1) I see the use case (switching from desktop to laptop). What's the real
objective ? To enforce security : to avoid using the same account from two
different locations, the last IP (location) used to authenticate prevents the
re-use of a previous one (location). This way, no one can use my desk
> I tried using the locale returned by spring,
> but it matches the browser locale “fr_FR” , not the one used by CAS when
> passing “locale=fr” .
I believe most locale-aware frameworks will gracefully degrade from a
more specific locale to a less specific one if the former is not
found. Thus sinc
For the first issue, the goal was merely to invalidate any TGTs that are still
valid for the same user if they were associated with a different IP address
than the user is using presently. If Fred moves from his laptop to his desktop,
then the TGT he got on his laptop gets thrown away.
But if h
My interpretation was that a user was supposed to only be able to use one
ip-adress at any one time, not forever. Hence, existing, valid TGT:s from other
ip-addresses are expired, no need to keep expired TGT:s. Or am I missing
something?
Regards,
/Fredrik
-Original Message-
From: jlele
Hi,
For the first issue, I understand you want to check IP address between SSO
sessions for the same user (does the user use the same IP address as in its
previous SSO session ?). It means you need to keep expired TGTs : how that can
be possible as ticket registries are associated to mechanims
