In this case, I suggest you use another authentication method rather 
than still relying on the CAS protocol. I was asked to design a plan B for this 
incident the other day, but the plan is still not ready. 

It is hard to strike a balance between user experience and security. In my 
opinion, plan B should be some kind of challenge authentication. When CAS 
is down, and you happen to find that it is down when you try to authenticate a 
user, you just show a challenge authentication page to the user (or just a 
username/password form). 

It is easy to do so in a normal website, but in my case most of our clients 
are SPAs. In a classic web application, we can provide a single SDK (i.e. a 
filter for Java Spring applications) to make it easier for website 
developers to make use of both CAS and challenge authentication. But in the 
SPA scenario, we have to care about both the front end and the backend, which is 
difficult.

Or you just build another service which mocks the CAS protocol APIs, and when 
the CAS server is down, just turn to the mock server, but I doubt whether it 
can ensure security.

On Wednesday, August 21, 2019 at 4:51:40 AM UTC+8, Yan Zhou wrote:
>
> Hello,
>
> Our organization wants to make sure customers can still use their apps, in 
> the event that CAS is down or unavailable (even though we have HA, etc.).
>
> The idea is to have CAS return the password in encrypted format to some apps 
> that are critical. When CAS is down, the apps can authenticate using the 
> encrypted password themselves. SSO does not need to work during that time. 
>
> That smells bad, but I know technically this can be easily done, and that 
> is what we have been asked to do.
>
> What do you suggest?
>
> Yan
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/be97b839-1b64-4f74-8856-a14e38509b29%40apereo.org.
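As an added example (not code from this thread, nor from the Apereo CAS project), here is a small Python client-side helper for the plan B described in the reply above: it validates a service ticket against CAS `/serviceValidate` and, when the CAS server cannot be reached, returns a distinct outcome so the application can show its own challenge (username/password) page rather than failing outright. The CAS base URL, the injected `fetch` callable and the sample XML bodies are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0/3.0 responses
CAS_BASE = "https://cas.example.org/cas"       # assumption: placeholder CAS server URL

# Constructed sample bodies in the CAS /serviceValidate format (not real traffic).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

class Outcome(Enum):
    SUCCESS = "success"                  # CAS confirmed the ticket
    INVALID = "invalid"                  # CAS answered and rejected the ticket
    CAS_UNAVAILABLE = "cas_unavailable"  # CAS unreachable: show the challenge form

@dataclass
class ValidationResult:
    outcome: Outcome
    principal: Optional[str] = None
    detail: str = ""

def parse_service_response(xml_text: str) -> ValidationResult:
    """Parse a /serviceValidate body; anything but a clear success is INVALID."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ValidationResult(Outcome.INVALID, detail=f"malformed: {exc}")
    user = root.find("./cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return ValidationResult(Outcome.SUCCESS, principal=user.text.strip())
    failure = root.find("./cas:authenticationFailure", CAS_NS)
    code = failure.get("code", "UNKNOWN") if failure is not None else "UNKNOWN"
    return ValidationResult(Outcome.INVALID, detail=code)

def validate_ticket(ticket: str, service: str, fetch: Callable[[str], str]) -> ValidationResult:
    """Validate `ticket` for `service` via the injected HTTP GET `fetch(url) -> str`.
    Transport failures become CAS_UNAVAILABLE so the app can switch to plan B."""
    url = f"{CAS_BASE}/serviceValidate?" + urlencode({"ticket": ticket, "service": service})
    try:
        body = fetch(url)
    except OSError as exc:  # ConnectionError, TimeoutError and socket errors
        return ValidationResult(Outcome.CAS_UNAVAILABLE, detail=str(exc))
    return parse_service_response(body)
```

Only the transport error maps to the fallback; a reachable CAS that rejects the ticket still yields INVALID, so an attacker cannot trigger the challenge page merely by presenting a bad ticket.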
