A colleague reported an issue where an application intended for forced authentication actually allowed the user to bypass reauthentication by stripping off the renew parameter in the URL and refreshing. I suspected an application misconfiguration, and indeed the validation filter did not have renew=true configured as required for correct behavior.
While it was a trivial fix, the risk merits some consideration. It's easy for a CAS integrator to expect renew is working correctly since the application redirects to CAS as expected; however, the intended behavior is easily bypassed. That's the worst kind of security problem: false sense of security. Here are some options in order of descending preference:

* Prevent misconfiguration by requiring renew to be specified as a context parameter exclusively, where it would apply to all filters that need it.
* Throw an exception on startup.
* Log a prominent WARN message.
* Add a prominent note to the wiki.

M

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
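The root cause described above is that `renew=true` on the login redirect is enforced only by the browser, while `renew=true` on the ticket validation call is enforced by the CAS server. The following is an added illustration, not code from the Jasig CAS client or from the original post: a hypothetical servlet filter that takes `renew` from a servlet context parameter only (the first option), fails at startup when a per-filter init-param contradicts it (the second option), logs a WARN when validation runs without renew (the third option), and then always sends the shared setting to `/serviceValidate`. The filter name, the `casServerUrlPrefix` init-param and the minimal response check are assumptions made for the example.

```java
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

/**
 * Hypothetical example (not Jasig CAS client code): ticket validation filter
 * whose "renew" setting comes exclusively from a servlet context-param, so the
 * login redirect and the validation request cannot silently disagree.
 */
public class RenewConsistentValidationFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(RenewConsistentValidationFilter.class.getName());
    private static final String RENEW = "renew";

    private boolean renew;
    private String casServerUrlPrefix; // assumed init-param, e.g. https://cas.example.org/cas

    @Override
    public void init(FilterConfig config) throws ServletException {
        ServletContext ctx = config.getServletContext();
        String contextRenew = ctx.getInitParameter(RENEW);
        String filterRenew = config.getInitParameter(RENEW);

        // Option 1: renew must be declared once, for the whole web application.
        if (contextRenew == null) {
            throw new ServletException("context-param '" + RENEW + "' (true|false) is required");
        }
        renew = Boolean.parseBoolean(contextRenew);

        // Option 2: a per-filter override is exactly the misconfiguration from the report;
        // refuse to start rather than validate tickets with a weaker setting than the redirect.
        if (filterRenew != null && Boolean.parseBoolean(filterRenew) != renew) {
            throw new ServletException("filter '" + config.getFilterName() + "' sets " + RENEW + "="
                    + filterRenew + " but context-param " + RENEW + "=" + contextRenew);
        }

        // Option 3: make a deliberate renew=false hard to overlook in the logs.
        if (!renew) {
            LOG.warning("CAS ticket validation runs with renew=false; tickets issued from an "
                    + "existing SSO session will be accepted for this application");
        }

        casServerUrlPrefix = config.getInitParameter("casServerUrlPrefix");
        if (casServerUrlPrefix == null) {
            throw new ServletException("init-param 'casServerUrlPrefix' is required");
        }
    }

    /** Builds the /serviceValidate URL; renew is appended from the shared setting, never from the request. */
    String buildValidationUrl(String ticket, String service) throws IOException {
        String url = casServerUrlPrefix + "/serviceValidate?ticket="
                + URLEncoder.encode(ticket, StandardCharsets.UTF_8.name())
                + "&service=" + URLEncoder.encode(service, StandardCharsets.UTF_8.name());
        return renew ? url + "&renew=true" : url;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String ticket = request.getParameter("ticket");

        if (ticket != null) {
            // The CAS server, not the browser, decides whether a fresh login backed this ticket.
            String service = request.getRequestURL().toString();
            try (InputStream in = new URL(buildValidationUrl(ticket, service)).openStream()) {
                String body = new String(in.readAllBytes(), StandardCharsets.UTF_8);
                // Minimal success check for the example; a real client parses the XML response.
                if (!body.contains("<cas:authenticationSuccess")) {
                    response.sendError(HttpServletResponse.SC_FORBIDDEN, "ticket validation failed");
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The corresponding web.xml would declare `<context-param><param-name>renew</param-name><param-value>true</param-value></context-param>` once; an authentication filter that builds the login redirect would read the same context parameter, so the redirect URL and the validation URL are generated from a single source of truth.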