I haven't tried it yet. I have just observed 10 Outstanding LPPE JIRA issues from the link you provided. The most appreciated feature for me is LPPE - change password workflow. From there I was navigated...
Type: Posts; User: harasta; Keyword(s):
Thank you very much Jérôme. The LPPE feature was introduced in 3.5, but it still seems to be quite buggy. Maybe CAS password manager is a better option.
Hello,
I use Spring Security 3.1 and CAS 3.4.9. Here is my problem:
User authenticates on CAS. When user's password expires, I set UserDetails.setCredentialsNonExpired(false) in my...
As far as I know, it is possible to have several authentication providers in Spring Security.
But I actually don't know what happens if one of the providers fails due to unavailability of its remote...
Finally, my solution to this was the following:
1. I defined an insecured welcome page in Spring Security. Every 30 seconds (timeout of my own) the page checks availability of CAS server in pre-render...
With the new version of the Spring forum, the attached picture from my previous post has been lost :(
Never mind. Here is a better one:
(Eh, File Upload Manager has shrunk it.)
OK. Thank you very much.
I also prefer property config file. It might be better to use second LogoutFilter's constructor with logoutSuccessHandler. Something like that:
<b:bean id="requestSingleLogoutFilter"...
Here is attached the picture which depicts my idea. The red arrows are Spring Security communications. The Inbound endpoint should handle secured calls. I hope the channel endpoint is powerful enough...
Rob, could you explain what will actually happen if the user's credentials aren't valid (in gateway mode)?
Yes, I've seen the example. Thanks for it, it's very instructive and useful.
I actually had similar idea, but was not sure about it. The only wish I have is not to see encoded URLs in the...
Hello,
I'm using CAS authentication with Spring Security 3.0.5. I noticed in the CAS server's source code that logout URL can contain service parameter. It redirects browser to some "non-central"...
OK, I voted for it.
Hello,
I'm using CAS authentication with Spring Security 3.0.5. When the CasAuthenticationEntryPoint redirects to CAS in commence() method, it doesn't allow gateway parameter in the URL. The...
Thanks for resources.
The documentation on the CAS is getting better and better. Good job.
I feel I should be clearer here. First, please, see Spring Integration security:
I don't know...
I'm sorry for the cross post here, but it seems that the original thread in the Spring Security forum is staying alive. I think it will be better to follow the discussion there.
Thanks for good questions.
I hope so. All my applications I have mentioned, will be applications running in Spring application contexts with Spring Security configuration.
I want to rely...
100 viewers in 10 days, no opinion :(
Maybe this is a topic also about the architecture. I copied it to the Architecture forum.
[This thread was moved from Spring Security Forum]
Hello,
I am considering the following architecture: web application running on Tomcat 6, users are authenticated and authorized through Spring Security 3...
Jon,
see my comments below:
I don't think so. It is CAS principle to be placed elsewhere staying centrally accessible. Maybe, the browser can complain if the server redirects user to the...
Lately I read blog Spring Security 3 and ICEfaces 2 where Ben Simpson introduced JsfRedirectStrategy (see source attachment there). I realized that there are at least 2 situations in CAS environment...
Hello,
I am considering the following architecture: web application running on Tomcat 6, users are authenticated and authorized through Spring Security 3 and CAS (Central Authentication Service). From web...
But be aware of side effects. The ConcurrentSessionControlStrategy extends SessionFixationProtectionStrategy and calls it within onAuthentication() method. If you don't want this behavior you should...
For those who want to use SessionRegistry with unlimited number of sessions there is following workaround:
<http>
...
<session-management session-authentication-strategy-ref="sas"/>...
Thanks for the link:
<http>
...
<session-management invalid-session-url="/sessionTimeout.htm" />
</http>
It didn't work for me. I'm using CAS authentication. SessionTimeout...