-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathTODO.txt
41 lines (31 loc) · 1.37 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
TODO: improvement for the future
================================
More Tests
++++++++++
Some scenarios deploying severals applications and running
doctests on it will be soon available.
Handling Single Sign Out
++++++++++++++++++++++++
At this point, this plugin does handle SSO (Single Sign On).
Yet, it does not handle Single Sign Out.
There may be several ways to achieve this.
- A simple solution may be found by enabling the plugin to execute each
callable delivered by webapp whose purpose would be to
logout the user from it (e.g: by redirecting the browser on the logout url,
or deleting some cookies etc.).
- Currently, CAS 3 and higher handle SSOut by triggering a POST request to all
the web application registered.
I did not digg this option at all, wonder how it would fit or not.
- ...
Not relying on the CAS server itself ?
++++++++++++++++++++++++++++++++++++++
At the moment, the plugin relies on a CAS server.
Yet, CAS is just a specific trusted third party (e.g.: like Kerberos etc.)
Thus, to avoid code redundancy between plugins dealing with concrete
implementation of this "trusted third party abstraction",
we should code against this abstraction => refactor this code.
Yet, of course, rather than extending this plugin, we may create a new one,
if each implementations tends to get very specific.
Misc
++++
Clearing and make more relevant comments ;)