rubycas / rubycas-server

Provides single sign-on authentication for web applications, implementing the server-end of Jasig's CAS protocol.
http://rubycas.github.com

Deal with inactive or frozen account #204

Open shenhf opened 10 years ago

shenhf commented 10 years ago

Is there any solution to deal with inactive accounts on the casserver side?

mitfik commented 10 years ago

It depends on what exactly you are asking for. If you are asking about authenticators and whether they can deal with additional conditions, then it is up to that particular authenticator. For example, in the ldap authenticator you have the possibility to define a filter like `filter: (active=yes)`, which will additionally check whether the field active is set to yes.

If you are asking about sending a proper error message (no matter what authenticator you use) to the user that the credentials are good but your account is not active, then no, CAS does not have support for that.

shenhf commented 10 years ago

Finally I hacked casserver/lib/casserver/authenticators/sql_bcrypt.rb and hard-coded the matching_users method. It stopped inactive users from logging in but, as you said, does not send a proper error message.
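
A stand-alone sketch of the kind of change described in the last comment, added here as an example; it is not rubycas-server's code and does not load the gem. Only the `matching_users` name comes from the thread; the `User` struct, `ActiveOnlyAuthenticator`, `status` and the sample accounts are hypothetical, and stdlib PBKDF2 stands in for bcrypt so it runs without extra gems.

```ruby
require 'openssl'
# Hypothetical user record; `active` mirrors the flag discussed in the thread.
User = Struct.new(:username, :salt, :password_hash, :active)

# PBKDF2 (stdlib) used in place of bcrypt so the sketch runs without gems.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new('SHA256'))
end

# Constant-time comparison of two equal-length digests.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

class ActiveOnlyAuthenticator
  def initialize(users); @users = users; end

  # What the login flow sees: a single pass/fail result.
  def validate(username, password)
    !matching_users(username, password).empty?
  end

  # :ok, :inactive or :invalid. :inactive is returned only after the password
  # has verified, so account state is not disclosed to a caller without it.
  def status(username, password)
    verified = password_matches(username, password)
    return :invalid if verified.empty?
    verified.any?(&:active) ? :ok : :inactive
  end

  protected
  def password_matches(username, password)
    @users.select do |u|
      u.username == username && secure_equal?(u.password_hash, hash_password(password, u.salt))
    end
  end

  # Same name as the method the poster changed: password match AND active flag.
  def matching_users(username, password)
    password_matches(username, password).select(&:active)
  end
end

# Constructed sample data.
USERS = [
  User.new('alice', 'salt-a', hash_password('correct horse', 'salt-a'), true),
  User.new('bob',   'salt-b', hash_password('battery staple', 'salt-b'), false)
].freeze
```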