Renew flag bug
Scott Battaglia
scott.battaglia at gmail.com
Thu May 29 23:25:10 EDT 2008
Technically the spec says we just need to check principals since one of the
assumptions is that your userbase can be distinguished. However, the old
authentication metadata may not be valid if you've logged in via a
different method. Can you open a JIRA enhancement request for this and I'll
take a look at it?
Thanks
-Scott
On Thu, May 29, 2008 at 6:51 PM, Larry Symms <lsymms at gmail.com> wrote:
> Larry Symms wrote:
> > If the renew flag is set and the user logs into CAS a second time using
> > another method than the original, the old authentication metadata is
> > still sent to the app in response to the ST if the user names match.
> > This is an issue if you're accepting authN from multiple domains that
> > may have overlapping user names. What should happen is that the old
> > authentication metadata should only be returned if the user and
> > authenticationMethod both match. Otherwise a new TGT should be issued.
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> bump
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
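
The comparison discussed in this thread, sketched as an added example (not CAS source code and not written by either poster). The class, method names and sample values are hypothetical, and the code assumes Java 16 or later for records:

```java
import java.util.Objects;

// Added illustration only: these types are hypothetical, not CAS APIs.
public class RenewCheck {
    // What the server remembers about the login that created the TGT.
    record Authentication(String principal, String method) {}

    // Behaviour described in the report: only the principal is compared,
    // so the first login's metadata is reused for the second login.
    static boolean reuseByPrincipalOnly(Authentication old, Authentication fresh) {
        return old.principal().equals(fresh.principal());
    }

    // Proposed behaviour: reuse only if principal AND method both match.
    static boolean reuseByPrincipalAndMethod(Authentication old, Authentication fresh) {
        return old.principal().equals(fresh.principal())
            && Objects.equals(old.method(), fresh.method());
    }

    // Returns the authentication whose metadata is sent to the application
    // when the ST is validated. Returning 'fresh' stands for "issue a new TGT".
    static Authentication resolve(Authentication old, Authentication fresh, boolean strict) {
        boolean reuse = strict ? reuseByPrincipalAndMethod(old, fresh)
                               : reuseByPrincipalOnly(old, fresh);
        return reuse ? old : fresh;
    }

    public static void main(String[] args) {
        // Constructed sample: one user name that exists in two domains,
        // each domain reached through a different authentication method.
        Authentication first  = new Authentication("jsmith", "ldap-domain-a");
        Authentication second = new Authentication("jsmith", "x509-domain-b");
        Authentication again  = new Authentication("jsmith", "ldap-domain-a");

        // Principal-only check hands the app the stale method from the first login.
        System.out.println("principal only:     " + resolve(first, second, false).method());
        // Principal-and-method check reports the method actually used on renew.
        System.out.println("principal + method: " + resolve(first, second, true).method());
        // Same user, same method: the existing metadata can safely be reused.
        System.out.println("same method, reuse: " + (resolve(first, again, true) == first));
    }
}
```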