Authenticated into Confluence as wrong user
Jim Stoll
jstoll at vbi.vt.edu
Fri Jan 16 13:39:18 EST 2009
Another item of note - I just learned that User4, after being
wrongly-authenticated into Confluence for the 2nd time, logged out of
wiki/cas (by hitting the Log Out link in Confluence, which also kills
the CAS session), then logged directly into Confluence via the normal
login page. (We have a login for external people who are not in our LDAP
system and therefore cannot log in through CAS.) I'm wondering if she'd
tried to go through CAS again, if she might have gotten incorrectly
authenticated into Confluence a 3rd time? Anyway, this probably
significant, as the direct login is what broke the cycle, not
necessarily it just being another try. (and all subsequent logins since
then have been fine).
Note also that the first user (prior to this case) who experienced this
problem, successfully (and correctly) was authenticated into CAS and
into Drupal via CAS, as the correct user, but it was when she tried to
go to the wiki that she was authenticated in as the wrong person. So, it
seems clear that her CAS session was correctly established before she
was incorrectly auth'd into the wiki.
Jim
More information about the cas
mailing list