[cas-dev] More login flow gotchas
Scott Battaglia
scott_battaglia at rutgers.edu
Tue Jun 27 08:22:30 EDT 2006
Does the browser always ask for a certificate on every connection
request? When I was trying it out, it only asked me once for the entire
browser session (but then I also only had one certificate installed).
Stephen A. Cochran wrote:
> Came across another interesting flow issue, one that arises because
> of the handling of the SSL authentication outside the CAS application.
>
> Assume I have a valid CAS TGT obtained by using cert A. I then try to
> log into a new application and am redirected to CAS. My browser
> prompts me for my password and to select a certificate. I select cert
> B. CAS then finds my TGT and I am logged into this application as the
> user in cert A.
>
> I understand what's happening and why, but it's a strange user
> experience and thought I'd mention it for the archives. A similar
> situation could arise with SPNEGO tickets or any other authentication
> that happens at the connection level.
>
> Steve Cochran
> Dartmouth College
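The flow described in the thread, modelled as an added example (it is not part of either message and is not CAS code): a toy SSO server that either trusts an existing TGT unconditionally, which is the behaviour reported above, or compares the certificate authenticated on the current connection with the TGT's principal and forces re-authentication on a mismatch. The class, function and policy names are hypothetical, and the ticket ids and certificate subjects are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoginResult:
    principal: Optional[str]  # identity the application would be told about
    action: str               # "reuse_tgt", "new_tgt" or "reauthenticate"


class SsoModel:
    """Toy SSO server: maps TGT cookie ids to the principal that obtained them."""

    def __init__(self, compare_connection_credential: bool):
        # Hypothetical policy switch: check the TLS-level identity against the TGT.
        self.compare = compare_connection_credential
        self.tgts = {}
        self._next = 0

    def _issue_tgt(self, principal: str) -> str:
        self._next += 1
        tgt_id = f"TGT-{self._next}"  # constructed id for this model
        self.tgts[tgt_id] = principal
        return tgt_id

    def login(self, tgt_cookie: Optional[str], cert_subject: Optional[str]):
        """cert_subject is what the TLS layer authenticated for this connection."""
        tgt_principal = self.tgts.get(tgt_cookie)
        if tgt_principal is None:
            if cert_subject is None:
                return LoginResult(None, "reauthenticate"), None
            return LoginResult(cert_subject, "new_tgt"), self._issue_tgt(cert_subject)
        if self.compare and cert_subject is not None and cert_subject != tgt_principal:
            # Connection identity disagrees with the session: drop the TGT.
            del self.tgts[tgt_cookie]
            return LoginResult(None, "reauthenticate"), None
        # TGT wins; the certificate chosen for this connection is never consulted.
        return LoginResult(tgt_principal, "reuse_tgt"), tgt_cookie


def replay_thread_scenario(compare: bool) -> LoginResult:
    server = SsoModel(compare)
    _, cookie = server.login(None, "CN=cert A")    # first login, cert A
    result, _ = server.login(cookie, "CN=cert B")  # new application, cert B selected
    return result
```

With the comparison off, the second login returns the cert A principal even though cert B was presented; with it on, the stale TGT is discarded and the user has to authenticate again.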