OK, we think we found the problem. It wasn't a technical issue, but a
logical one.
As I said, we have two applications that authenticate against CAS. In
the future, there'll be another one. One of them was thought of as the
entry point to the others, and it has nothing but links to the other t
Hi,
We have the same kind of issues.
An old post of mine (which is still unanswered) describes the same kind
of security issue.
Our configuration is:
CAS 3.3.3
RememberMe feature
JpaTicketRegistry
Liferay portal with edu.yale CAS client and other PHP CASified software.
"This happens only
> it's a security issue for us since a user could log in as the previous
> user.
Only if they're using the same browser since both CAS application
state and application session state is based on cookies. Is this a
kiosk environment? The best practice has been and continues to be
closing the brow
Hi, Marvin, thanks for your reply.
On 25/03/2010 17:45, Marvin Addison wrote:
Is the problematic service load balanced? You have to take additional
steps to ensure single sign-out in that case.
No, it isn't.
I would appreciate if you could clarify your reasoning for calling
this sit
> What are the extra steps one would take to make sure single sign out work on
> a load balanced service?
We clearly need a page on the wiki about this since it keeps coming
up. For the following discussion I will assume that the CAS server
has no knowledge of the actual node that is servicing a
> Hi. I have two applications that authenticate users using CAS. I have
> configured the single sign out in both of them, via
> SingleSignOutHttpSessionListener and SingleSignOutFilter. The problem is
> that the session in one of them seems to be kept alive...
> This happens only in some rare circu
Hi. I have two applications that authenticate users using CAS. I have
configured the single sign out in both of them, via
SingleSignOutHttpSessionListener and SingleSignOutFilter. The problem is
that the session in one of them seems to be kept alive, so when I sign
off and sign in again with a