Uploaded image for project: 'CAS Server'
  1. CAS-1410

Failure to create pgtIOU/PGT should not result in successful validation

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.2, 4.0 RC1, 4.0 RC2, 4.0 RC3
    • Fix Version/s: 4.0, 4.0 RC4
    • Component/s: Ticket, Validation
    • Labels:
      None

      Description

      If either of the pgtIOU or PGT fail to be created, CAS validation response should not proceed as if validation was successful. Current case is that pgtIOU may be absent in the validation payload, as the proxy callback may timeout due to load, etc.

      Relevant lines:
      https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/ServiceValidateController.java#L138
      https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/ServiceValidateController.java#L167

      Proposals to fix the issue must also update the protocol to indicate the expected behavior on failure.

      See discussion here: https://groups.google.com/forum/#!topic/jasig-cas-dev/gv2gwoG9ELo

        Attachments

          Activity

            People

            • Assignee:
              mmoayyed Misagh Moayyed
              Reporter:
              mmoayyed Misagh Moayyed
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: