TicketValidationFilter question

Scott Battaglia scott.battaglia at gmail.com
Thu Sep 20 09:24:22 EDT 2007


On 9/20/07, Andrew R Feller <afelle1 at lsu.edu> wrote:
>
>  In the current JA-SIG CAS Client for Java, whenever a user refreshes the
> service they are redirected to after CAS authentication, an exception is
> thrown because the TicketValidationFilter is attempting to re-validate the
> service ticket it previously consumed.
>
> Questions:
>
>    1. If the user is logged in, shouldn't the client ignore the ticket
>    on the request query and simply pass them through?
>
>
No, the client should not ignore a ticket.  The existence of a session
doesn't indicate anything other than the existence of a session.


>    2. Is there any reason why the TicketValidationFilter always
>    attempts to validate a service ticket regardless of the CAS assertion in the
>    session?
>
>
Yes, the reason is that it was passed a ticket. It doesn't know why you gave
it the ticket.  Its job isn't to determine why you have a ticket and an
existing session.  All it knows is that you gave it a ticket to validate.
For all it knows, you felt that the existing Assertion was too far in the
past for it to matter anymore, and you'd like to re-assert.


>    3. How are users supposed to refresh or bookmark pages?
>
>
There is a feature on the filter itself to redirect the user to the same URL
without the ticket in the URL after successful ticket validation.


>    4. If there is a need for the filter to always re-validate the
>    service ticket, could there be some setting to bypass the check?
>
>
It's not re-validating a service ticket.  It's validating a ticket that you
gave it.  It has no knowledge of whether the ticket was used or not.  All it
knows is it has a ticket it needs to validate.  If you are concerned with
attempting to validate the same ticket twice, you should enable the
redirect.

The parameter I am referring to is: redirectAfterValidation.  It should do
what you need :-)

-Scott

-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
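
The refresh failure and the effect of redirectAfterValidation discussed in this thread, as an added simulation that is not part of the original message and is not the JA-SIG client's code. The single-use ticket store, the `handle` function, the URL and the ticket value are constructed stand-ins.

```java
import java.util.*;

public class RedirectAfterValidationDemo {
    // Stand-in for the CAS server: a service ticket validates once, then is consumed.
    static final Set<String> issued = new HashSet<>(List.of("ST-1-constructed"));

    static boolean validate(String ticket) { return issued.remove(ticket); }

    // Value of the "ticket" query parameter, or null when the URL carries none.
    static String ticketOf(String url) {
        int q = url.indexOf('?');
        if (q < 0) return null;
        for (String pair : url.substring(q + 1).split("&"))
            if (pair.startsWith("ticket=")) return pair.substring("ticket=".length());
        return null;
    }

    // Same URL without the ticket parameter; every other parameter is kept in order.
    static String stripTicket(String url) {
        int q = url.indexOf('?');
        if (q < 0) return url;
        StringJoiner kept = new StringJoiner("&");
        for (String pair : url.substring(q + 1).split("&"))
            if (!pair.isEmpty() && !pair.startsWith("ticket=")) kept.add(pair);
        return kept.length() == 0 ? url.substring(0, q) : url.substring(0, q) + "?" + kept;
    }

    // One request through the simulated filter; returns what the browser receives.
    static String handle(String url, Map<String, String> session, boolean redirectAfterValidation) {
        String ticket = ticketOf(url);
        if (ticket != null) {                      // a ticket was presented: always validate it
            if (!validate(ticket)) return "500 ticket validation failed";
            session.put("assertion", "principal-for-" + ticket);
            if (redirectAfterValidation) return "302 " + stripTicket(url);
        }
        return session.containsKey("assertion") ? "200 " + url : "302 to CAS login";
    }

    public static void main(String[] args) {
        String url = "https://app.example.org/report?id=7&ticket=ST-1-constructed";
        Map<String, String> session = new HashMap<>();
        System.out.println("no redirect, first hit: " + handle(url, session, false));
        System.out.println("no redirect, refresh:   " + handle(url, session, false));
        issued.add("ST-1-constructed");            // reset: issue the ticket again, new session
        session = new HashMap<>();
        String first = handle(url, session, true);
        System.out.println("redirect, first hit:    " + first);
        System.out.println("redirect, refresh:      " + handle(first.substring(4), session, true));
    }
}
```

With the redirect enabled, the URL left in the address bar (and in any bookmark) no longer carries the consumed ticket, so a refresh is served from the existing session instead of triggering a second validation.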