Remember Me
Added by Scott Battaglia, last edited by Scott Battaglia on Mar 19, 2008


Starting with CAS 3.2.1, CAS has support for long term Ticket Granting Tickets (i.e. "Remember Me").

Configuration

deployerConfigContext.xml

An AuthenticationMetaDataPopulator needs to be added to the AuthenticationManager. If you have no AuthenticationMetaDataPopulators configured, you would add the following property to the AuthenticationManager configured in the deployerConfigContext.xml:

<property name="authenticationMetaDataPopulators">
   <list>
      <bean class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator" />
   </list>
</property>

cas-servlet.xml

Locate the bean "authenticationViaForm". It should look something like this:

<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
	p:centralAuthenticationService-ref="centralAuthenticationService"
	p:warnCookieGenerator-ref="warnCookieGenerator" />

Change it to something similar to this:

<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
	p:centralAuthenticationService-ref="centralAuthenticationService"
	p:formObjectClass="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
	p:formObjectName="credentials"
	p:warnCookieGenerator-ref="warnCookieGenerator" />

ticketExpirationPolicies.xml

The ticket expiration policy entitled "grantingTicketExpirationPolicy" would need to be changed to the RememberMeDelegatingExpirationPolicy.

You would have something similar to the following:

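<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">
   <!-- Policy applied to Ticket Granting Tickets issued without Remember Me -->
   <property name="sessionExpirationPolicy">
      <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
         <!-- Timeout in milliseconds; replace the XXXXXXXX placeholder -->
         <constructor-arg index="0" value="XXXXXXXX" />
      </bean>
   </property>
   <!-- Policy applied to long term (Remember Me) Ticket Granting Tickets -->
   <property name="rememberMeExpirationPolicy">
      <bean class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
         <!-- Timeout in milliseconds; replace the XXXXXXXX placeholder -->
         <constructor-arg index="0" value="XXXXXXXX" />
      </bean>
   </property>
</bean>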

(optional) applicationContext.xml

The CentralAuthenticationServiceImpl now supports separate TicketRegistries, one for ServiceTickets and one for TicketGrantingTickets. If you want, this allows you to define a long term ticket store for TicketGrantingTickets (e.g. BerkeleyDb) and an in-memory short term cache for ServiceTickets.

Depending on your intended number of users and/or the memory on the machine, you may or may not need two registries.

Note: Be careful when defining a long term ticket store. Certain long term stores may not properly serialize/deserialize TicketGrantingTickets, such that multiple instances of the same ticket may exist in memory at the same time (this would mostly be an issue with regard to ProxyGrantingTickets and their parent TicketGrantingTicket).

(optional) ticketGrantingTicketCookieGenerator.xml

Allows you to specify the "rememberMeMaxAge" property (default 3 months) as well as other properties for the cookie.

Custom Implementations

For the most part, the built-in Remember Me support requires no customization. We provide one default Credentials class (the RememberMeUsernamePasswordCredentials) for processing username/password and remember me requests.

Users who require additional fields may need to implement their own Credentials class. To get Remember Me support, developers should implement the RememberMeCredentials interface, which provides the setRememberMe and isRememberMe methods.

Users may need to add one field to the login page. Something such as the following would need to be added to the casLoginView.jsp:

<input type="checkbox" name="rememberMe" id="rememberMe" value="true" /> <label for="rememberMe">Remember Me</label>

Security Implications

User Security Implications

As with any long term "Remember Me" services, educating users about not choosing the option on a public computer (or a computer shared with others) is very important.

Server Security Implications

CAS uses opaque ticket identifiers in its cookies. The length of the opaque identifier is chosen so that it is unlikely to be calculated or guessed during the time it is valid. As the validity period of the ticket increases, so must the length of the opaque identifier.
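The relationship between validity period and identifier length can be put in numbers. The following is an added example, not CAS code: it bounds the success chance of online guessing with a union bound and computes the shortest identifier length that stays under a target. The alphabet size, guess rate, live-ticket count, target probability and the 2-hour session lifetime are assumed values; the 90-day lifetime approximates the 3-month rememberMeMaxAge default.

```java
// Added illustration, not part of CAS. Every numeric input below is an assumption.
public class TicketIdLength {

    /** Union bound on at least one guess hitting a live ticket: guesses * live / alphabet^length. */
    static double guessProbability(int alphabet, int length, double guesses, double liveTickets) {
        // Work in log2 space so long identifiers do not overflow a double.
        double log2Space = length * Math.log(alphabet) / Math.log(2);
        double log2Hits = Math.log(guesses * liveTickets) / Math.log(2);
        return Math.min(1.0, Math.pow(2, log2Hits - log2Space));
    }

    /** Smallest identifier length that keeps the bound at or below maxProbability. */
    static int minLength(int alphabet, double guesses, double liveTickets, double maxProbability) {
        double needed = Math.log(guesses * liveTickets / maxProbability) / Math.log(alphabet);
        return Math.max(1, (int) Math.ceil(needed));
    }

    public static void main(String[] args) {
        int alphabet = 62;        // assumed identifier alphabet: [A-Za-z0-9]
        double rate = 1_000;      // assumed guesses per second that reach the server
        double live = 10_000;     // assumed number of valid tickets at any moment
        double target = 1e-12;    // assumed acceptable probability of a successful guess

        // Guessing window = ticket lifetime in seconds.
        double[] lifetimes = {2 * 3600, 90 * 86_400};
        String[] labels = {"session", "remember-me"};

        for (int i = 0; i < lifetimes.length; i++) {
            int length = minLength(alphabet, rate * lifetimes[i], live, target);
            System.out.printf("%-12s lifetime %,.0f s -> minimum length %d%n",
                    labels[i], lifetimes[i], length);
        }

        // Keeping the session-sized identifier for the long lifetime weakens the bound.
        int sessionLength = minLength(alphabet, rate * lifetimes[0], live, target);
        System.out.printf("length %d kept for the long lifetime: bound %.2e%n", sessionLength,
                guessProbability(alphabet, sessionLength, rate * lifetimes[1], live));
    }
}
```

A longer lifetime also tends to raise the number of live tickets, which this model holds constant to isolate the effect of the validity period.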

Notifying Applications of the "Remember Me" Feature Being in Use

When "Remember Me" is being used, an attribute is added to the Authentication object. This attribute is RememberMeCredentials#AUTHENTICATION_ATTRIBUTE_REMEMBER_ME with a value of Boolean.TRUE. You can use this in combination with the date the Authentication object was created to determine whether you should notify applications of the Remember Me option.
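One way to combine the attribute with the creation date, as an added example that is not CAS code: it treats a Remember Me login as worth reporting once the Authentication is older than a freshness window. The class name, the placeholder attribute key, the 15-minute window and the interpretation of "notify" as "the user has not recently presented a password" are assumptions.

```java
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not part of CAS. It operates on the two values the text names:
// the Authentication attributes and the date the Authentication was created.
public class RememberMeNotice {

    // Constructed stand-in for RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME;
    // inside a CAS deployment, reference the constant itself.
    static final String REMEMBER_ME_KEY = "REMEMBER_ME_ATTRIBUTE_PLACEHOLDER";

    /**
     * True when the login used Remember Me and the Authentication is older than
     * freshMillis (an assumed policy setting), so the password was not entered recently.
     */
    static boolean shouldNotify(Map<String, Object> attributes, Date authenticatedDate,
                                Date now, long freshMillis) {
        if (attributes == null || !Boolean.TRUE.equals(attributes.get(REMEMBER_ME_KEY))) {
            return false; // attribute absent or not Boolean.TRUE: ordinary session
        }
        if (authenticatedDate == null) {
            return true;  // age unknown: treat as a long term login
        }
        long age = now.getTime() - authenticatedDate.getTime();
        // A creation date in the future is not accepted as proof of a fresh login.
        return age < 0 || age > freshMillis;
    }

    public static void main(String[] args) {
        Date now = new Date();
        long fresh = 15 * 60 * 1000L; // assumed freshness window: 15 minutes

        Map<String, Object> remembered = new HashMap<String, Object>();
        remembered.put(REMEMBER_ME_KEY, Boolean.TRUE);          // constructed sample
        Map<String, Object> ordinary = new HashMap<String, Object>();

        Date threeDaysAgo = new Date(now.getTime() - 3L * 24 * 3600 * 1000);
        Date oneMinuteAgo = new Date(now.getTime() - 60 * 1000L);

        System.out.println("remembered, 3 days old:   " + shouldNotify(remembered, threeDaysAgo, now, fresh));
        System.out.println("remembered, 1 minute old: " + shouldNotify(remembered, oneMinuteAgo, now, fresh));
        System.out.println("ordinary, 3 days old:     " + shouldNotify(ordinary, threeDaysAgo, now, fresh));
    }
}
```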
