I've been stepping through the CAS authentication and validation filters in the CAS client (3.1.6). It appears that after the authentication filter and the ST validation filter fire, and the Assertion object is put in session, the service app is then decoupled from the CAS server. i.e. Once the Assertion object is in the session, as you navigate around the pages of an app, you won't redirect to CAS server for a login prompt (which makes sense), but you also won't attempt to validate a service ticket since there is no service ticket on the request. Perhaps this is the desired behavior but I would have expected that after the initial login and validation step, as you navigate around the app, that the validation filter would request a service ticket from the CAS server if a service ticket was not on the request in order to verify with CAS that the user's session continues to be authenticated. Is the behavior I'm seeing correct or am I missing something? -- View this message in context: http://n4.nabble.com/CAS-ST-validation-after-authentication-tp1474581p1474581.html Sent from the CAS Users mailing list archive at Nabble.com.
-- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user