Potential new features
100 views
Skip to first unread message
Jérôme LELEU
May 25, 2023, 5:08:14 AM5/25/23
to CAS Community
Hi,
I'd like to make some kind of poll to know if some people might be interested by the two following new features:
Feature 1: I open the login page in two tabs of my browser and log in in the first tab and then in the second tab: the second authentication currently just erases the first one. Should we have better behavior? Like displaying a warning to indicate that we keep the existing authentication or replace it by a new one?
Feature 2: I call the login page with the renew parameter. If the new logged user is different from the old one, should I perform a SLO?
Feedback will be welcome.
Thanks.
Best regards,
Jérôme
Petr Fišer
May 25, 2023, 8:03:06 AM5/25/23
to cas-...@apereo.org
Hello,
Feature 1
IMO, this will break a lot of things. Also, if you are logged in as one user, why would you need another login sesison as different user in another tab? Is there any specific use-case you are pursuing?
BTW user can open separate (anonymous) browser window if they want.
I can say, for myself, that I sometimes even need to use CAS as a domain SSO solution. Some legacy applications do not have, say, OAuth support but they can understand good ol' "domain-wide" SSO cookie.
If this gets implemented, please, make it configurable.
Feature 2
Probably a configurable thing too.
My two cents are: SLO may not be necessary, just because some specific site needs you to have sufficiently fresh login session (like... Github when you try to actually change some project-related settings). Other sites need not even know that some re-login happenned.
Cheers,
Fiisch
Feature 1
IMO, this will break a lot of things. Also, if you are logged in as one user, why would you need another login sesison as different user in another tab? Is there any specific use-case you are pursuing?
BTW user can open separate (anonymous) browser window if they want.
I can say, for myself, that I sometimes even need to use CAS as a domain SSO solution. Some legacy applications do not have, say, OAuth support but they can understand good ol' "domain-wide" SSO cookie.
If this gets implemented, please, make it configurable.
Feature 2
Probably a configurable thing too.
My two cents are: SLO may not be necessary, just because some specific site needs you to have sufficiently fresh login session (like... Github when you try to actually change some project-related settings). Other sites need not even know that some re-login happenned.
Cheers,
Fiisch
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz8jH970S%3D-7J1fw1BcgP%3DYv%3DnnZ9QRXhOtdBzY8WGOFQ%40mail.gmail.com.
Ray Bon
May 26, 2023, 6:50:28 PM5/26/23
to cas-...@apereo.org
Feature 1: The second login should alert (or at least be configurable) the user that the first login will be terminated and should trigger the SLO process. The lost first TGT also happens with the DUO oauth2 process (not with the iframe implementation),
thus orphaning the ST records created before DUO second factor and preventing those services from taking part in SLO (we added some behaviour to the login flow to transfer the pre DUO services to the post DUO TGT).
Feature 2: The log in page could be displayed with a password field and an uneditable username field filled with the current user's login id and a link saying 'switch user' or 'if this is not you ...'. If the the user wants to change the login id, then
a warning is displayed saying that SLO will be performed.
Ray
On Thu, 2023-05-25 at 11:08 +0200, Jérôme LELEU wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Jérôme LELEU
May 30, 2023, 2:26:19 AM5/30/23
to cas-...@apereo.org
Hi,
Thanks for the feedback. Let me clarify though.
I did these two customisations for one of my customers and we talked with Misagh about the relevancy of integrating them in the Open Source project.
So the question is: have you ever needed one of these two features?
Thanks.
Best regards,
Jérôme
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3fdbc5e6f00342eb38f4a6f663f910c1988d4504.camel%40uvic.ca.
Ray Bon
May 30, 2023, 11:44:00 AM5/30/23
to cas-...@apereo.org
Jérôme,
We have not needed these features. But, they do seem useful.
Ray
Reply all
Reply to author
Forward
0 new messages