Update Authentication attribute during a renew
29 views
Skip to first unread message
Raph C
May 29, 2020, 10:43:02 AM5/29/20
to CAS Community
Hi all,
I'm using CAS 5.3 version and have multiple authentication handler which supports different kind of credential. So let's imagine the following flow :
A/ user authenticates with a custom credential (e.g header and not a login/password). all is ok, an authentication attribute (let's call it amr) is set to tgt to state which authn method was used ... then a CAS session is started
A/ user authenticates with a custom credential (e.g header and not a login/password). all is ok, an authentication attribute (let's call it amr) is set to tgt to state which authn method was used ... then a CAS session is started
B/ A few moment later (before CAS session expires), user agent is redirected to login page with renew param.
C/ user has to enter its login/password. After validating it by another authentication handler, CAS generates a new Service Ticket but left tgt as is without updating amr attribute with new value. Finally CAS client will see an outdated information.
How can I force CAS to update my TGT authentication attribute before generating service ticket ?
Thanks for your help
Ray Bon
May 29, 2020, 11:55:21 AM5/29/20
to cas-...@apereo.org
Raph,
Are you talking about ticket expiration?
https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticket-Expiration-Policy.html
Ray
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
Raph C
May 29, 2020, 12:58:41 PM5/29/20
to cas-...@apereo.org
Hi Ray,
No. In renew mode, CAS if user already has a valid session, ask login/passwd, validate it and then genarate a new Service Ticket linked to the current tgt (user current Cas Session). So authentication metadata are not updated.
In this case, client when validate Service Ticket, see authentication metadata from initial authentication not the renew ones.
Regards
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d6cb93970ae8c45f5ac4912c86c8d9ca1b36f1ba.camel%40uvic.ca.
Reply all
Reply to author
Forward
0 new messages