We are running CAS 2 and will be updating to CAS 3. We have
a uPortal directory services channel backed by LDAP that allows updates to
personal, department and group data that uses CAS proxy tickets to authenticate
to LDAP. When CAS times out every 2 hours, proxy tickets cannot be obtained
until the user authenticates again. Sometimes the expiry can happen while the
user is entering data on an update page. When a submit button is finally
clicked, the CAS credentials have expired and the program’s attempt to
get a proxy ticket can potentially fail, generating an error and requiring that
the user re-enter the data.
To avoid this, we have a filter that traps the browser
request, determines if the CAS ticket is about to expire, and if it is, saves the
request, forces a re-authentication, then replays the request. The problem is
that this approach required significant modifications to the CAS code. We would
like to avoid having to make modifications to the CAS 3 code, but have not yet
come up with a way to either guarantee that a proxy ticket will be available
when a request is made, or seamlessly handle a CAS re-authentication and re-try
getting the proxy ticket to continue the processing stream.
I would appreciate hearing how other institutions have dealt
with the problem of proxy tickets being unavailable in the midst of a
processing stream due to CAS credential expiration.
Thanks.
Paul Gazda
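The save, re-authenticate and replay flow described in the post, written as a stand-alone servlet filter. This is an added example, not code from the post, CAS or uPortal. The session attribute names, the five-minute margin and the `casLoginUrl` init parameter are assumptions, and it assumes the CAS client filter runs ahead of it and records the login time in the session after each successful ticket validation.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added sketch: attribute names, margin and init parameter are assumptions.
public class CasExpiryGuardFilter implements Filter {
    static final String AUTH_TIME = "guard.casAuthTimeMillis"; // assumed: set at CAS login
    static final String SAVED = "guard.savedParams";           // form fields held during re-auth
    static final long TGT_LIFETIME_MS = 2L * 60 * 60 * 1000;   // the 2-hour timeout from the post
    static final long MARGIN_MS = 5L * 60 * 1000;              // assumed safety margin
    private String casLoginUrl;                                // from filter init-param

    public void init(FilterConfig cfg) { casLoginUrl = cfg.getInitParameter("casLoginUrl"); }
    public void destroy() { }

    // True when the CAS login is expired or inside the safety margin.
    static boolean nearExpiry(long authTime, long now) {
        return now - authTime >= TGT_LIFETIME_MS - MARGIN_MS;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(true);
        Long authTime = (Long) session.getAttribute(AUTH_TIME);
        boolean fresh = authTime != null && !nearExpiry(authTime, System.currentTimeMillis());
        @SuppressWarnings("unchecked")
        final Map<String, String[]> saved = (Map<String, String[]>) session.getAttribute(SAVED);
        if (saved != null && fresh) {
            // Back from re-authentication: replay the stored form fields exactly once.
            session.removeAttribute(SAVED);
            chain.doFilter(new HttpServletRequestWrapper(req) {
                public String getParameter(String n) { String[] v = saved.get(n); return v == null ? null : v[0]; }
                public String[] getParameterValues(String n) { return saved.get(n); }
                public Map<String, String[]> getParameterMap() { return saved; }
                public Enumeration<String> getParameterNames() { return Collections.enumeration(saved.keySet()); }
            }, res);
            return;
        }
        if (!fresh) {
            // Keep the user's input server-side, then send the browser to CAS.
            session.setAttribute(SAVED, new HashMap<String, String[]>(req.getParameterMap()));
            res.sendRedirect(casLoginUrl + "?service=" + URLEncoder.encode(req.getRequestURL().toString(), "UTF-8"));
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Because the stored fields are replayed on the next request in the same session, a production version should also record the user name alongside them and discard the saved data if a different user completes the re-authentication.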