> The OAuth timeout problem, the SAML assertion timeout problem, and the CAS service ticket problem, would all be solved by CAS issuing the [OAuth token / SAML assertion / service ticket] after the user clears the warning / authorization screen hurdle.

Thanks for mentioning this solution, Andrew. In previous discussions of this problem I recall we waffled on the point that warn is not used very much. The present case is categorically different when taking into account that pausing for user interaction is a fundamental part of the OAuth protocol. I'm hopeful that something as simple as reorganizing login webflow states to issue tickets after user interaction in all cases would be a suitable solution. If Jérôme agrees this would work for OAuth, then I recommend we open an issue targeted for 4.0.

M