Ensure the same credentials could be used only by one user at the same time

Yuriy Zubarev-2

Ensure the same credentials could be used only by one user at the same time

Hi,

We have a business rule that forbids two different users from being logged
in to the system under the same set of credentials at the same time. Does
CAS have support for this?

Does this feature have a common name? "Non sharable credentials", or
something similar?

I tried to search archives to see if the question was already asked
but WiscList is hardly usable.

Thank you,
Yuriy Zubarev

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Yuriy Zubarev-2

Re: Ensure the same credentials could be used only by one user at the same time

Guys,

Any help would be appreciated. Even some links to get started.

Thank you,
Yuriy


On Mon, Oct 19, 2009 at 6:03 PM, Yuriy Zubarev <[hidden email]> wrote:

> Hi,
>
> We have a business rule that forbids two different users to be logged
> in the system under the same set of credentials at the same time. Does
> CAS have a support for this?
>
> Does this feature have a common name? "Non sharable credentials", or
> something similar?
>
> I tried to search archives to see if the question was already asked
> but WiscList is hardly usable.
>
> Thank you,
> Yuriy Zubarev
>

Marvin Addison

Re: Ensure the same credentials could be used only by one user at the same time

>> We have a business rule that forbids two different users to be logged
>> in the system under the same set of credentials at the same time. Does
>> CAS have a support for this?

No.

>> Does this feature have a common name?

Not that I'm aware of.

> Any help would be appreciated.

You will have to develop this functionality on your own.  If you don't
do any credential-to-principal resolution, this can probably be
straightforward.  In that case I would recommend extending an
authentication handler suitable for your authentication source (e.g.
LDAP) that uses a post-authentication process to search the
TicketRegistry for TGTs with a principal matching the username of the
given credential.  If you find a match, return false for the
postAuthenticate method.  We discussed post-authentication handlers
today on another thread if you'd like more background.

M

Yuriy Zubarev-2

Re: Ensure the same credentials could be used only by one user at the same time

Thank you, it helps a lot.

Yuriy


On Tue, Oct 20, 2009 at 5:41 PM, Marvin Addison
<[hidden email]> wrote:

>>> We have a business rule that forbids two different users to be logged
>>> in the system under the same set of credentials at the same time. Does
>>> CAS have a support for this?
>
> No.
>
>>> Does this feature have a common name?
>
> Not that I'm aware of.
>
>> Any help would be appreciated.
>
> You will have to develop this functionality on your own.  If you don't
> do any credential-to-principal resolution, this can probably be
> straightforward.  In that case I would recommend extending an
> authentication handler suitable for your authentication source (e.g.
> LDAP) that uses a post-authentication process to search the
> TicketRegistry for TGTs with a principal matching the username of the
> given credential.  If you find a match, return false for the
> postAuthenticate method.  We discussed post-authentication handlers
> today on another thread if you'd like more background.
>
> M

Scott Battaglia-2

Re: Ensure the same credentials could be used only by one user at the same time

Just a note that not all ticket registries are searchable, nor is it possibly efficient to search them.  The default registry will return an entire collection of tickets, while the memcache registry is unable to.  The JPA one will, but to load the entire table of tickets may not be efficient.

Cheers,
Scott


On Tue, Oct 20, 2009 at 9:05 PM, Yuriy Zubarev <[hidden email]> wrote:
> Thank you, It helps a lot.
>
> Yuriy
>
>
> On Tue, Oct 20, 2009 at 5:41 PM, Marvin Addison
> <[hidden email]> wrote:
> >>> We have a business rule that forbids two different users to be logged
> >>> in the system under the same set of credentials at the same time. Does
> >>> CAS have a support for this?
> >
> > No.
> >
> >>> Does this feature have a common name?
> >
> > Not that I'm aware of.
> >
> >> Any help would be appreciated.
> >
> > You will have to develop this functionality on your own.  If you don't
> > do any credential-to-principal resolution, this can probably be
> > straightforward.  In that case I would recommend extending an
> > authentication handler suitable for your authentication source (e.g.
> > LDAP) that uses a post-authentication process to search the
> > TicketRegistry for TGTs with a principal matching the username of the
> > given credential.  If you find a match, return false for the
> > postAuthenticate method.  We discussed post-authentication handlers
> > today on another thread if you'd like more background.
> >
> > M

Yuriy Zubarev-2

Re: Ensure the same credentials could be used only by one user at the same time

We use JPA so I will investigate the table structure and try to come
up with efficient queries.

Thank you,
Yuriy


On Tue, Oct 20, 2009 at 6:09 PM, Scott Battaglia
<[hidden email]> wrote:

> Just a note that not all ticket registries are searchable, nor is it
> possibly efficient to search them.  The default registry will return an
> entire collection of tickets, while the memcache registry is unable to.  The
> JPA one will, but to load the entire table of tickets may not be efficient.
>
> Cheers,
> Scott
>
>
> On Tue, Oct 20, 2009 at 9:05 PM, Yuriy Zubarev <[hidden email]>
> wrote:
>>
>> Thank you, It helps a lot.
>>
>> Yuriy
>>
>>
>> On Tue, Oct 20, 2009 at 5:41 PM, Marvin Addison
>> <[hidden email]> wrote:
>> >>> We have a business rule that forbids two different users to be logged
>> >>> in the system under the same set of credentials at the same time. Does
>> >>> CAS have a support for this?
>> >
>> > No.
>> >
>> >>> Does this feature have a common name?
>> >
>> > Not that I'm aware of.
>> >
>> >> Any help would be appreciated.
>> >
>> > You will have to develop this functionality on your own.  If you don't
>> > do any credential-to-principal resolution, this can probably be
>> > straightforward.  In that case I would recommend extending an
>> > authentication handler suitable for your authentication source (e.g.
>> > LDAP) that uses a post-authentication process to search the
>> > TicketRegistry for TGTs with a principal matching the username of the
>> > given credential.  If you find a match, return false for the
>> > postAuthenticate method.  We discussed post-authentication handlers
>> > today on another thread if you'd like more background.
>> >
>> > M
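
The check Marvin Addison describes, combined with the registry caveat from Scott Battaglia's reply, sketched as an added example that is not part of the thread and is not CAS code. The three interfaces are minimal stand-ins named after the CAS types mentioned above; `getPrincipalId()` is a hypothetical flattening of the TGT's principal lookup, and it is assumed that a non-searchable registry signals this with `UnsupportedOperationException` and that usernames compare case-insensitively.

```java
import java.util.*;

// Stand-ins for the CAS types named in the thread, reduced to what the check needs.
// They are NOT the real CAS classes; getPrincipalId() is a hypothetical shortcut.
interface Ticket { boolean isExpired(); }
interface TicketGrantingTicket extends Ticket { String getPrincipalId(); }
interface TicketRegistry { Collection<Ticket> getTickets(); }

public class SingleSessionCheck {
    private final TicketRegistry registry;
    SingleSessionCheck(TicketRegistry registry) { this.registry = registry; }

    // Logic for the postAuthenticate hook: returning false rejects the login.
    boolean postAuthenticate(String username, boolean authenticated) {
        if (!authenticated) return false;   // never upgrade a failed authentication
        Collection<Ticket> tickets;
        try {
            tickets = registry.getTickets(); // full scan: cost grows with ticket count
        } catch (UnsupportedOperationException e) {
            return false;                    // registry cannot enumerate: fail closed
        }
        for (Ticket t : tickets) {
            if (!(t instanceof TicketGrantingTicket) || t.isExpired()) continue;
            // Assumption: the directory treats "Alice" and "alice" as one account.
            if (((TicketGrantingTicket) t).getPrincipalId().equalsIgnoreCase(username)) return false;
        }
        return true;
    }

    static TicketGrantingTicket tgt(final String id, final boolean expired) {
        return new TicketGrantingTicket() {
            public boolean isExpired() { return expired; }
            public String getPrincipalId() { return id; }
        };
    }

    public static void main(String[] args) {
        // Constructed registry contents: a live TGT for alice, an expired one for bob.
        List<Ticket> store = Arrays.<Ticket>asList(tgt("alice", false), tgt("bob", true));
        SingleSessionCheck check = new SingleSessionCheck(() -> store);
        System.out.println("ALICE, live session exists: " + check.postAuthenticate("ALICE", true));
        System.out.println("bob, only an expired TGT:   " + check.postAuthenticate("bob", true));
        System.out.println("carol, bad password:        " + check.postAuthenticate("carol", false));
    }
}
```

The check and the later creation of the TGT are separate steps, so two logins arriving at the same moment can both pass it; a uniqueness constraint in the backing store closes that gap. With a JPA registry, a query filtered by principal avoids loading the whole ticket table.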