CAS on Google App Engine?

Gustavo Hartmann

CAS on Google App Engine?


Has anyone tried it out? Would it work?

Thanks,
Gustavo

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Scott Battaglia-2

Re: CAS on Google App Engine?

I've never tried it.  I'm willing to help if you want to try it out.

Cheers,
Scott


On Wed, Oct 7, 2009 at 10:45 AM, Gustavo Hartmann <[hidden email]> wrote:

Has anyone tried it out? Would it work?

 

Thanks,

Gustavo

Gustavo Hartmann

RE: CAS on Google App Engine?


Great!!

I’ll get started on it and let you know about any issues.

Cheers,
Gustavo

 


From: Scott Battaglia [mailto:[hidden email]]
Sent: 08 October 2009 04:06
To: [hidden email]
Subject: Re: [cas-user] CAS on Google App Engine?

 

I've never tried it.  I'm willing to help if you want to try it out.

Cheers,
Scott

Hanh Do

RE: CAS on Google App Engine?

Hi Gustavo,
Have you made any progress with CAS and Google App Engine? Any issues encountered?

thanks,
Hanh


Date: Thu, 8 Oct 2009 11:35:05 +0100
From: [hidden email]
Subject: RE: [cas-user] CAS on Google App Engine?
To: [hidden email]

Great!!

 

I’ll get started on it and let you know about any issues.

 

Cheers,

Gustavo

 


Robert Oschwald

Remotely invalidation TGC

I'm using CAS with RememberMe.
I need to invalidate a user's Tickets (force relogin on next visit) from one of my client apps.
For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.

Any pointers on how to implement it?
I need to supply the user's username, and thinking of a way to remove all tickets for this user from the TicketRegistry.

I'm not talking about currently active users, but of users who are potentially not online but got a long-term TGC.

Thanks,
Robert


Gustavo Hartmann

RE: CAS on Google App Engine?

In reply to this post by Hanh Do

Hi Hanh

In the end I did not have time to play with it but I’m still interested in how it works.

Cheers,
Gustavo

 


From: Hanh Do [mailto:[hidden email]]
Sent: 09 November 2009 21:14
To: [hidden email]
Subject: RE: [cas-user] CAS on Google App Engine?

 

Hi Gustavo,
      Have you made any progress with CAS and Google App Engine? Any issues encountered?

thanks,

Hanh


Scott Battaglia-2

Re: Remotely invalidation TGC

In reply to this post by Robert Oschwald
On Mon, Nov 9, 2009 at 4:29 PM, Robert Oschwald <[hidden email]> wrote:
> I'm using CAS with RememberMe.
> I need to invalidate a user's Tickets (force relogin on next visit) from one of my client apps.
> For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.

Is it not sufficient to send a renew=true to force them to log back in?

> Any pointers on how to implement it?
> I need to supply the user's username, and thinking of a way to remove all tickets for this user from the TicketRegistry.

We don't actually store based on username.  So you'd have to write something custom that would map that userid to the ticketid so that you could later retrieve the ticket ID.

Cheers,
Scott

> I'm not talking about currently active users, but of users who are potentially not online but got a long-term TGC.
>
> Thanks,
> Robert


Robert Oschwald

Re: Remotely invalidation TGC


On 11.11.2009 at 15:26, Scott Battaglia wrote:

> On Mon, Nov 9, 2009 at 4:29 PM, Robert Oschwald <[hidden email]> wrote:
>> I'm using CAS with RememberMe.
>> I need to invalidate a user's Tickets (force relogin on next visit) from one of my client apps.
>> For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.
>
> Is it not sufficient to send a renew=true to force them to log back in?

This assumes the user is online.
But that's not always the case.

Scenario:
User has a valid long term TGC and is not online.
In the User Database, the Username is changed (either by another system or by the user, but he used another browser (e.g. first Firefox, then Safari) to change his Username, which is an emailaddr.)

We must ensure that all users need to interactively relogin on next visit if email-address gets changed.

>> Any pointers on how to implement it?
>> I need to supply the user's username, and thinking of a way to remove all tickets for this user from the TicketRegistry.
>
> We don't actually store based on username.  So you'd have to write something custom that would map that userid to the ticketid so that you could later retrieve the ticket ID.

Is this an enhancement for a future version?

Robert
Scott Battaglia-2

Re: Remotely invalidation TGC

On Thu, Nov 12, 2009 at 1:48 PM, Robert Oschwald <[hidden email]> wrote:

> On 11.11.2009 at 15:26, Scott Battaglia wrote:
> <snip />
>
>>> Any pointers on how to implement it?
>>> I need to supply the user's username, and thinking of a way to remove all tickets for this user from the TicketRegistry.
>>
>> We don't actually store based on username.  So you'd have to write something custom that would map that userid to the ticketid so that you could later retrieve the ticket ID.
>
> Is this an enhancement for a future version?

It could be a useful enhancement.  We'd want to work out the best way to do it and what the implications are. It would certainly be easier to do with CAS4's architecture than CAS3's but CAS4 isn't ready yet.

Cheers,
Scott

> Robert
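
Added example (not part of the thread and not CAS code): one way to build the custom userid-to-ticket-id mapping described in the reply above, so that every ticket-granting ticket of a user can be deleted by username even when the user is offline. TicketStore is a hypothetical stand-in for the ticket registry, and the class and method names are assumptions; Java 8 or later.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration: index of ticket-granting ticket (TGT) ids by principal id. */
public class PrincipalTicketIndex {
    /** Hypothetical stand-in for the ticket registry; not the CAS interface. */
    public interface TicketStore { boolean deleteTicket(String ticketId); }

    private final TicketStore store;
    private final Map<String, Set<String>> byPrincipal = new ConcurrentHashMap<>();

    public PrincipalTicketIndex(TicketStore store) { this.store = store; }

    /** Call when a TGT is issued, with the principal id as it was at login. */
    public void recordIssued(String principalId, String tgtId) {
        byPrincipal.compute(principalId, (k, ids) -> {
            Set<String> set = (ids != null) ? ids : ConcurrentHashMap.<String>newKeySet();
            set.add(tgtId);
            return set;
        });
    }

    /** Call on logout or expiry so stale ids do not pile up in the index. */
    public void recordRemoved(String principalId, String tgtId) {
        byPrincipal.computeIfPresent(principalId, (k, ids) -> {
            ids.remove(tgtId);
            return ids.isEmpty() ? null : ids; // returning null drops the empty entry
        });
    }

    /** Deletes every indexed TGT of the principal; returns how many were deleted. */
    public int revokeAll(String principalId) {
        Set<String> ids = byPrincipal.remove(principalId);
        if (ids == null) return 0;
        int deleted = 0;
        for (String id : ids) if (store.deleteTicket(id)) deleted++;
        return deleted;
    }

    public static void main(String[] args) {
        Set<String> live = ConcurrentHashMap.newKeySet(); // constructed registry contents
        PrincipalTicketIndex index = new PrincipalTicketIndex(live::remove);
        for (String id : new String[] {"TGT-1", "TGT-2"}) {
            live.add(id);
            index.recordIssued("old@example.org", id);
        }
        System.out.println(index.revokeAll("old@example.org") + " revoked, left: " + live);
    }
}
```

Whatever endpoint exposes revokeAll (REST, servlet or SOAP, as proposed in the thread) has to authenticate the calling application, since it can force any user to log in again.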
tedzo

Modify username?

In reply to this post by Robert Oschwald
One of our apps that is protected by CAS does the following:
1. User logs in by going to CAS login page.
2. Back in the app, the username is retrieved from the session, and the roles that are granted to him are queried (by the front-end, JavaScript, I think).
3. Certain features are enabled/disabled based on retrieved roles.

Is it possible for a malicious user to modify the username returned by CAS (and thus obtain unauthorized access to functionality on the page)? I guess the question is: is the username provided by CAS in the session modifiable in any way by an end user?

Thanks for your response.

Scott Battaglia-2

Re: Modify username?

In the session it isn't, assuming you're not calling any session code that would overwrite the username. However, if you're exposing the username to the UI layer as part of your JavaScript, we can't control what happens there.

Cheers,
Scott


On Fri, Nov 13, 2009 at 2:22 AM, tedzo <[hidden email]> wrote:
One of our apps that is protected by CAS does the following-
1. User logs in by going to CAS login page.
2. Back in the app, the username is retrieved from the session, and the roles that are granted to him are queried (by the front-end, javascript, I think).
3. Certain features are enabled/disabled based on retrieved roles.

Is it possible for a malicious user to modify the username returned by CAS (and thus obtain unauthorized access to functionality on the page)? I guess the question is: is the username provided by CAS in the session modifiable in any way by an end user?

Thanks for your response.
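
Added example (not part of the thread and not CAS client code): the distinction drawn in the reply above, written as a server-side role check. The weak variant believes a username sent by the browser, the hardened one reads it only from the server-side session; the session key, role table and method names are hypothetical, and the code needs Java 9 or later.

```java
import java.util.Map;
import java.util.Set;

/** Added illustration: where the username used for a role decision comes from. */
public class ServerSideRoleCheck {

    static final String SESSION_USER = "authenticatedUser"; // hypothetical session attribute

    // Constructed sample role table; a real application queries its own role store.
    static final Map<String, Set<String>> ROLES = Map.of(
            "alice", Set.of("admin", "user"),
            "bob", Set.of("user"));

    /** Weak: trusts whatever username the browser sends with the request. */
    static boolean allowedTrustingClient(Map<String, String> requestParams, String role) {
        String user = requestParams.get("username");
        return user != null && ROLES.getOrDefault(user, Set.of()).contains(role);
    }

    /** Hardened: identity comes only from the session filled after CAS validation. */
    static boolean allowedFromSession(Map<String, Object> session, String role) {
        Object user = session.get(SESSION_USER);
        return user instanceof String
                && ROLES.getOrDefault((String) user, Set.of()).contains(role);
    }

    public static void main(String[] args) {
        Map<String, Object> bobSession = Map.of(SESSION_USER, "bob");
        // Constructed request in which bob's browser claims to be alice.
        Map<String, String> tampered = Map.of("username", "alice");

        System.out.println("weak check, tampered request, admin: "
                + allowedTrustingClient(tampered, "admin"));
        System.out.println("session check, admin: " + allowedFromSession(bobSession, "admin"));
        System.out.println("session check, user:  " + allowedFromSession(bobSession, "user"));
    }
}
```

Enabling or disabling features in the page is then only presentation; each request that performs a protected action repeats the session-based check on the server.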
