[cas-dev] More login flow gotchas
Stephen A. Cochran
stephen.a.cochran at Dartmouth.EDU
Mon Jun 26 13:52:34 EDT 2006
Came across another interesting flow issue, one that arises because
of the handling of the SSL authentication outside the CAS application.

Assume I have a valid CAS TGT obtained by using cert A. I then try to
log into a new application and am redirected to CAS. My browser
prompts me for my password and to select a certificate. I select cert
B. CAS then finds my TGT and I am logged into this application as the
user in cert A.

I understand what's happening and why, but it's a strange user
experience and thought I'd mention it for the archives. A similar
situation could arise with SPNEGO tickets or any other authentication
that happens at the connection level.

Steve Cochran
Dartmouth College
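
The flow described in the message above, as an added example that is not part of the original post and is not CAS code: a toy login endpoint in which the connection layer has already established a principal before the SSO session is looked up. The class, the enforce_match switch and the principal names are assumptions made for illustration; with the switch off the existing TGT wins, as in the post, and with it on a mismatch is recorded and the old session is replaced.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class LoginServer:
    """Toy model of an SSO login endpoint (hypothetical, not CAS code)."""
    enforce_match: bool = False                  # hypothetical policy switch
    tgts: dict = field(default_factory=dict)     # TGT id -> principal
    audit: list = field(default_factory=list)    # mismatch events for review

    def login(self, conn_principal, tgt_cookie=None):
        """Return (principal asserted to the service, TGT id for the cookie).

        conn_principal is the identity the TLS layer (or SPNEGO) already
        established before the application ran; None means it supplied none.
        """
        sso_principal = self.tgts.get(tgt_cookie)
        if sso_principal is not None:
            mismatch = conn_principal not in (None, sso_principal)
            if mismatch:
                self.audit.append(
                    ("principal_mismatch", sso_principal, conn_principal))
            if not (mismatch and self.enforce_match):
                # Behaviour described in the post: the existing TGT wins.
                return sso_principal, tgt_cookie
            # Stricter handling: end the old SSO session and start a new one.
            del self.tgts[tgt_cookie]
        if conn_principal is None:
            return None, None                    # nothing to authenticate with
        tgt = "TGT-" + secrets.token_hex(8)
        self.tgts[tgt] = conn_principal
        return conn_principal, tgt


def replay_post_scenario(enforce_match):
    """Cert A obtains the TGT, then cert B is chosen for a second service."""
    server = LoginServer(enforce_match=enforce_match)
    _, tgt = server.login("user-from-cert-A")            # constructed names
    seen_as, tgt_after = server.login("user-from-cert-B", tgt)
    return seen_as, tgt_after == tgt, server.audit


if __name__ == "__main__":
    print(replay_post_scenario(False))
    print(replay_post_scenario(True))
```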