Thank you for your answers! I found a more suitable solution. I use the Spring Redis session for my two web applications. Therefore, I have one common security context without SSO.
ср, 31 окт. 2018 г. в 18:53, Dmitriy Kopylenko <[email protected]>: > You might want to look into and configure attribute caching policy such > that it will basically re-resolve them from attribute sources every time ST > gets validated, hence you’ll get a fresh set of attributes every time CAS > ST validation protocol dance happens: > > > https://apereo.github.io/cas/5.2.x/integration/Attribute-Release-Caching.html > > Cheers, > D. > > > From: Павел Антонов <[email protected]> <[email protected]> > Reply: [email protected] <[email protected]> <[email protected]> > Date: October 19, 2018 at 4:00:32 AM > To: [email protected] <[email protected]> <[email protected]> > Subject: Re: [cas-user] Rerequesting CAS attributes > > Ray, I need to apply new attributes (changed in CAS) to already > authenticated user. > How can i do this without logoff/logon currently authenticated user? > Does your recommendation solve my problem? I think "Map attributes = > principal.getAttributes()" will return the outdated attributes obtained > during authentication... > > > чт, 18 окт. 2018 г. в 20:27, Ray Bon <[email protected]>: > >> Pavel, >> >> I suspect getting attributes for protocol 3 will be same as SAML 1.1. >> >> AttributePrincipal principal = >> (AttributePrincipal)request.getUserPrincipal(); >> Map attributes = principal.getAttributes(); >> >> There should be no need to go back to CAS. >> >> Ray >> >> >> On Thu, 2018-10-18 at 05:31 -0700, Pavel Antonov wrote: >> >> Hi! I'm developing an API using the Spring Framework. >> CAS server version 5.3.1, CAS protocol version 3 and CAS client included >> with Spring Security are used for user authentication. >> Based on this example >> https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/ >> I use CAS attributes as user roles in my API. >> It's necessary to rerequest CAS from my API to update the roles for >> already authenticated user. >> Is it possible to do that without user browser redirects? >> >> -- >> Ray Bon >> Programmer analyst >> Development Services, University Systems >> 2507218831 | CLE 019 | [email protected] >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "CAS Community" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/a/apereo.org/d/topic/cas-user/Jsl0j06R_tw/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1539883619.2864.46.camel%40uvic.ca >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1539883619.2864.46.camel%40uvic.ca?utm_medium=email&utm_source=footer> >> . >> > > > -- > Отправлено с ПЭВМ > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMB%2Buw65kiS-yn-UPEEgynOLMrQ9dnV0_H5pT0J26nNKneHbgg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMB%2Buw65kiS-yn-UPEEgynOLMrQ9dnV0_H5pT0J26nNKneHbgg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/Jsl0j06R_tw/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5bd9cfe6.26625904.dcf%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5bd9cfe6.26625904.dcf%40unicon.net?utm_medium=email&utm_source=footer> > . > -- Отправлено с ПЭВМ -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMB%2Buw4OpkE1GUm-68KEUPsWf15mTXyrHZsz9ZKFw3t-O65jzQ%40mail.gmail.com.
