So I have an application with certain parts allowing a long SSO session and other areas that require login every time.
I know I can leverage the renew query parameter, but how do I prevent the user from simply removing it and then accessing the secured part of the app without logging in again? For example, I want the user to provide their credentials every time they access their profile. So if there is already an active session for https://www.myapp.com and they access their profile, I will redirect them to https://www.mycas.com/auth/login?renew=true&TARGET=https://www.myapp.com/myprofile

This works, but I can also remove the renew query parameter and directly hit the myprofile page since I already have a session to the app.
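One way to enforce the re-login on the application side, as an added example that is not part of the original post and is not Apereo CAS code: the app sends `renew=true` itself on the back-channel ticket validation and gates the profile page on a server-side "fresh login" marker instead of the general app session. It assumes CAS 2.0 `/serviceValidate`; the function names, `SENSITIVE_PREFIXES`, `FRESH_WINDOW_SECONDS` and the sample XML are constructed for illustration.

```python
import time
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
SENSITIVE_PREFIXES = ("/myprofile",)  # assumption: paths that need fresh credentials
FRESH_WINDOW_SECONDS = 60             # assumption: lifetime of a fresh login marker
# Constructed sample responses: success, and failure for an SSO-issued ticket.
OK_XML = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationSuccess>'
          '<cas:user>alice</cas:user></cas:authenticationSuccess></cas:serviceResponse>')
FAIL_XML = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            '<cas:authenticationFailure code="INVALID_TICKET"/></cas:serviceResponse>')

def is_sensitive(path):
    return path.startswith(SENSITIVE_PREFIXES)

def validate_url(cas_base, service, ticket, renew):
    """Back-channel validation URL; renew is chosen by the server, not the browser."""
    params = {"service": service, "ticket": ticket}
    if renew:
        params["renew"] = "true"  # CAS rejects tickets issued from an existing SSO session
    return f"{cas_base}/serviceValidate?{urlencode(params)}"

def parse_user(xml_text):
    """Return the user from a CAS 2.0 validation response, or None on failure."""
    user = ET.fromstring(xml_text).find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def complete_login(session, xml_text, renewed, now=None):
    """Record the result of a validation; 'renewed' says it was made with renew=true."""
    user = parse_user(xml_text)
    if user is None:
        return False
    session["user"] = user
    if renewed:
        session["fresh_auth_at"] = now if now is not None else time.time()
    return True

def may_access(session, path, now=None):
    """Normal pages need a session; sensitive pages also need a recent fresh login."""
    now = now if now is not None else time.time()
    if "user" not in session:
        return False
    if not is_sensitive(path):
        return True
    fresh = session.get("fresh_auth_at")
    return fresh is not None and now - fresh <= FRESH_WINDOW_SECONDS
```

With this gate, stripping `renew` from the login URL yields a ticket that fails the `renew=true` validation, so no marker is set and the profile page stays closed.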