Another item of note - I just learned that User4, after being wrongly-authenticated into Confluence for the 2nd time, logged out of wiki/cas (by hitting the Log Out link in Confluence, which also kills the CAS session), then logged directly into Confluence via the normal login page. (We have a login for external people who are not in our LDAP system and therefore cannot log in through CAS.) I'm wondering if she'd tried to go through CAS again, if she might have gotten incorrectly authenticated into Confluence a 3rd time? Anyway, this probably significant, as the direct login is what broke the cycle, not necessarily it just being another try. (and all subsequent logins since then have been fine).
Note also that the first user (prior to this case) who experienced this problem, successfully (and correctly) was authenticated into CAS and into Drupal via CAS, as the correct user, but it was when she tried to go to the wiki that she was authenticated in as the wrong person. So, it seems clear that her CAS session was correctly established before she was incorrectly auth'd into the wiki. Jim _______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas
