Scott Battaglia wrote: > Ben, > > I've been looking at SEC-348 Hi Scott
I read through the issue in more detail and made the following comment. I have bumped it to 1.0.3 as noted in the comment. We'll see if the reporter provides a configuration file or more info: "I suspect there is a misconfiguration or misunderstanding here. With remoting protocols in general, you don't get access to the HttpSession. This is because most remoting protocols cannot present the assigned jsessionid. We therefore recommend setting HttpSessionContextIntegrationFilter.allowSessionCreation = false (defaults to true). The CasAuthenticationProvider should not go back to the CAS server and re-present the same service ticket. It seems you have a misconfiguration, such as a missing StatelessTicketCache. More information can be found at http://www.acegisecurity.org/docbook/acegi.html#cas-advanced. I will reassign this issue to 1.0.3, as I do not believe there is a bug here." Cheers Ben ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
