So two different CAS clients, which would mean that if there were any problems, it would be in the CAS server.
Which versions of the server are you guys using?

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jan 15, 2009 at 10:12 PM, Adam Moore <amoo...@ucmerced.edu> wrote:

> Drupal is PHP so I am using PHPCAS 0.6 I think.
>
> Scott Battaglia wrote:
>
> Are you using the JASIG CAS Client for Java 3.1 also?
>
> Can you post your configuration?
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore <amoo...@ucmerced.edu> wrote:
>
>> I have had the same issues when casifying Drupal. It's impossible to do
>> it at will, but the user they log in as is usually the last user that
>> had logged in. I would love to get a final solution and the security
>> implications are very high.
>>
>> Adam
>>
>> Jim Stoll wrote:
>> > For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1
>> > (as per instructions here:
>> > http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
>> > has anyone ever experienced the situation where users get into
>> > Confluence as the wrong user?
>> >
>> > The basic scenario is:
>> > 1. User makes initial request to https://wiki.our.site/dashboard.action,
>> > and is taken to our 'public' wiki page (ie, unauthenticated users can
>> > see the initial dashboard page)
>> > 2. User clicks the 'Log In' link from the Confluence dashboard page
>> > 3. User is redirected to the CAS login page
>> > 4. User enters their own username and password and logs in through CAS
>> > 5. User is taken into Confluence as another user entirely (ie, the
>> > Dashboard shows the wrong user name, and the user is in another user's
>> > permission scheme - can see content they shouldn't see, and can't see
>> > content they should see)
>> >
>> > I am currently unable to reproduce the problem at will, but we have had
>> > two users experience this in the past week (that we're aware of, I
>> > suspect there have probably been other occurrences we're not aware of,
>> > though I have yet to find a way to identify this type of situation in
>> > the logs). In the two cases I'm aware of, the 'wrong' user that the
>> > person was authenticated into Confluence as, had never previously been
>> > on the client machine that experienced the problem. (just FYI). We have
>> > other applications that are CAS-ified (mixture of PHP and Java clients),
>> > and we haven't yet seen this behavior on those.
>> >
>> > I'd appreciate any help, insight or advice, as this is a pretty serious
>> > situation for us.
>> >
>> > Thanks!
>> >
>> > Jim
>> >
>> > _______________________________________________
>> > Yale CAS mailing list
>> > cas@tp.its.yale.edu
>> > http://tp.its.yale.edu/mailman/listinfo/cas