Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

[11:41:36 CDT(-0500)] <TonyUnicon1> alright

[11:41:37 CDT(-0500)] <pspaude> I'm getting spring security stuff too with it so I think you are right

[11:41:42 CDT(-0500)] <pspaude> cool

[11:41:50 CDT(-0500)] <dmccallum54> running without the protection sucks

[11:42:05 CDT(-0500)] <dmccallum54> but if we turn it on there's a race condition that blows up 1st time logins

[11:43:49 CDT(-0500)] <pspaude> If its only first time document it and let the users deal with it. (smile)

[11:43:57 CDT(-0500)] <dmccallum54> https://issues.jasig.org/browse/SSP-357

[11:44:08 CDT(-0500)] <pspaude> IE: The first time is just to get SSP ready for your login. Refresh and re-login again to complete SSP login functinality.

[11:45:14 CDT(-0500)] <dmccallum54> as log as uP is handling auth for us, we should be OK without fixation protection… and oauth doesn't use sessions

[11:45:52 CDT(-0500)] <dmccallum54> if we ever do have to run in true standalone mode we'll need to revisit the issue

[11:46:29 CDT(-0500)] <dmccallum54> we really shouldn't need sessions at all, tho. it's just b/c of uportal that they get involved at all

[11:46:33 CDT(-0500)] <dmccallum54> but anyway

[11:46:36 CDT(-0500)] <dmccallum54> horse. beaten.

[11:56:46 CDT(-0500)] <js70> not enough.

[11:57:07 CDT(-0500)] <dmccallum54> i think js70 is coming around to my … perspective… on ssp+uP

[11:57:37 CDT(-0500)] <js70> :^)