CAS Server / CAS-1219

Generic login (with no service) causes the webflow to erroneously report successful login even when no server side TGT is present

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.5.1
    • Fix Version/s: 4.0 RC1, 4.0
    • Component/s: WebFlow
    • Labels:
      None

      Description

      When logging in with no service, the generic success page is displayed. The next time /login with no service is entered, the flow just checks whether the tgtId represented by the CASTGC cookie is present in the flow scope (set by 'initialFlowSetupAction') and reports a successful login, completely disregarding the value of the server-side TGT (the TGT could expire or not be present altogether, for example by restarting the container). This creates great confusion.

      Perhaps there is a need to accurately report the generic login success by introducing an additional flow state to compare the CASTGC value to the server-side TGT, its expiration state, etc.

            People

            • Assignee:
              dima767 Dmitriy Kopylenko
              Reporter:
              dima767 Dmitriy Kopylenko
            • Votes:
              2
              Watchers:
              6
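
The check proposed in the description, shown as an added example (not CAS code and not part of the original report): a stand-alone Java model that compares the reported behaviour with a lookup against the server-side ticket store. The class, method and state names and the sample ticket ids are hypothetical, and an in-memory map stands in for the ticket registry.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Added example: hypothetical model of the flow decision, not CAS source code.
public class GenericLoginCheck {
    enum TgtState { NOT_EXISTS, INVALID, VALID }

    // Stand-in for the server-side ticket registry: TGT id -> expiry time.
    static final Map<String, Instant> registry = new HashMap<>();

    // Behaviour described in the report: a TGT id taken from the CASTGC
    // cookie and placed in flow scope is treated as proof of a login.
    static boolean reportedSuccessBefore(String cookieTgtId) {
        return cookieTgtId != null && !cookieTgtId.isEmpty();
    }

    // Proposed extra flow state: resolve the cookie value against the
    // registry and check expiration before reporting success.
    static TgtState checkTgt(String cookieTgtId, Instant now) {
        if (cookieTgtId == null || cookieTgtId.isEmpty()) {
            return TgtState.NOT_EXISTS;   // no cookie: show the login form
        }
        Instant expiry = registry.get(cookieTgtId);
        if (expiry == null || !now.isBefore(expiry)) {
            return TgtState.INVALID;      // unknown or expired: not logged in
        }
        return TgtState.VALID;            // only now show generic success
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2013-01-01T12:00:00Z"); // constructed sample time
        registry.put("TGT-1-live", now.plusSeconds(3600));    // constructed sample tickets
        registry.put("TGT-2-expired", now.minusSeconds(60));
        // "TGT-3-lost" is absent from the registry, as after a container restart.
        for (String id : new String[] {"TGT-1-live", "TGT-2-expired", "TGT-3-lost", null}) {
            System.out.printf("%-14s before=%-5b after=%s%n",
                    id, reportedSuccessBefore(id), checkTgt(id, now));
        }
    }
}
```

For the expired and lost ticket ids the old decision still reports success, while the registry-backed check returns INVALID, which is the case the generic success page should not be shown for.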