
Allow only one session per each account


I'm using CAS 5.3 in my development environment and I want to allow only one session per account. If anyone tries to log in with the same credentials while the earlier session has not yet been destroyed, the system should alert the user who is currently trying to log in that they are already logged in from such-and-such IP, and ask whether they would like to destroy that session in order to log in. If the user confirms, the system should destroy the earlier session and allow the current user to log in.

I've checked the CAS docs but I'm unable to find a solution. Can anyone please help me with this? Earlier I used an old version of CAS, where I modified the source provided by CAS to achieve this. But I don't know how to do the same thing in CAS 5.


Solution

  • I want to allow only one session per account. If anyone tries to log in with the same credentials while the earlier session has not yet been destroyed, the system should alert ...

    Starting with CAS 5.2.x, an authentication policy called "Unique Principal" is available, which per the docs does this:

    Satisfied if and only if the requesting principal has not already authenticated with CAS. Otherwise the authentication event is blocked, preventing multiple logins.

    It also states:

    Activating this policy is not without cost, as CAS needs to query the ticket registry and all tickets present to determine whether the current user has established an authentication session anywhere. This will surely add a performance burden to the deployment. Use with care.

    So, you might be able to start with configuring that first and then modifying or extending it to match your exact needs.

    Additional information can be found in the CAS docs.
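
The check the answer describes, together with the confirm-and-destroy step the question asks for, as an added example that is not taken from CAS or from the answer above. `Tgt`, the in-memory registry and the sample data are hypothetical stand-ins, not CAS classes.

```java
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
// Stand-in model for illustration; none of these types are CAS classes.
public class SingleSessionDemo {
    // One SSO session (a ticket-granting ticket) with the IP it was issued to.
    static final class Tgt {
        final String id, principal, clientIp; final Instant expiresAt;
        Tgt(String id, String principal, String clientIp, Instant expiresAt) {
            this.id = id; this.principal = principal;
            this.clientIp = clientIp; this.expiresAt = expiresAt;
        }
    }
    private final Map<String, Tgt> registry = new LinkedHashMap<>();
    void add(Tgt t) { registry.put(t.id, t); }

    // Scans every ticket: this is the cost the quoted docs warn about.
    List<Tgt> liveSessions(String principal, Instant now) {
        return registry.values().stream()
            .filter(t -> now.isBefore(t.expiresAt))                // skip expired
            .filter(t -> t.principal.equalsIgnoreCase(principal))  // same account
            .collect(Collectors.toList());
    }

    // "Unique Principal" rule: satisfied only if no live session exists.
    boolean isSatisfiedBy(String p, Instant now) { return liveSessions(p, now).isEmpty(); }

    // Extension the question asks for. Call only after the new login's
    // credentials are verified and the user has confirmed the prompt.
    int destroySessions(String principal, Instant now) {
        List<Tgt> live = liveSessions(principal, now);
        live.forEach(t -> registry.remove(t.id));
        return live.size();
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed data
        SingleSessionDemo reg = new SingleSessionDemo();
        reg.add(new Tgt("TGT-1", "alice", "192.0.2.10", now.plusSeconds(3600)));
        reg.add(new Tgt("TGT-2", "alice", "192.0.2.11", now.minusSeconds(60)));
        reg.add(new Tgt("TGT-3", "bob", "198.51.100.7", now.plusSeconds(3600)));
        if (!reg.isSatisfiedBy("Alice", now)) {
            reg.liveSessions("Alice", now).forEach(t ->
                System.out.println("Already logged in from " + t.clientIp));
            System.out.println("Destroyed: " + reg.destroySessions("Alice", now));
        }
        System.out.println("Login allowed: " + reg.isSatisfiedBy("Alice", now));
    }
}
```

Showing the earlier session's IP and offering to destroy it only after the new credentials have been verified keeps an unauthenticated visitor from learning where an account is logged in or from ending its sessions.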