Hi,

The *renew* parameter can be used on the /serviceValidate URL? I thought it
was only for /login...

Thanks.
Best,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org


2014-08-06 7:27 GMT+02:00 Misagh Moayyed <mmoay...@unicon.net>:

> I am with you on the change; although I'd rather it not fail but ignore and
> spit out a warning somewhere.
>
> -----Original Message-----
> From: Marvin Addison [mailto:marvin.addi...@gmail.com]
> Sent: Tuesday, August 5, 2014 1:22 PM
> To: cas-dev@lists.jasig.org
> Subject: [cas-dev] CAS 2/3 Protocol Clarification w/r/t Proxy & Renew
>
> I don't believe proxy and renew can go together logically, not in any sense
> I know them, but the following text can be misleading in light of that
> assumption:
>
> 2.6. /proxyValidate [CAS 2.0]
> /proxyValidate MUST perform the same validation tasks as /serviceValidate
> and additionally validate proxy tickets.
> /proxyValidate MUST be capable of validating both service tickets and proxy
> tickets. See Section 2.5.4 for details.
>
> 2.6.1. parameters
> /proxyValidate has the same parameter requirements as /serviceValidate. See
> Section 2.5.1.
>
> So given that proxy tickets cannot support forced authentication
> (renew) since all the communication is back-channel, a request to validate a
> proxy ticket with the renew flag set makes no sense. I believe the text at
> present means "if a service ticket is presented, then renew is valid;
> otherwise the behavior is indeterminate" since /proxyValidate MUST handle
> both service and proxy tickets. I think it would be helpful to make that
> distinction more clear in the spec.
> Moreover, I would recommend that we spell out the expected behavior on
> sending invalid protocol parameter sets; for example:
>
> "If a proxy ticket is presented to /proxyValidate with the renew parameter
> set, validation MUST fail with INVALID_REQUEST."
>
> M
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as:
> mmoay...@unicon.net To unsubscribe, change settings or access archives,
> see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev

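Added example, not part of the thread and not CAS server code: a Python sketch of the two behaviours discussed above for a proxy ticket sent to /proxyValidate with renew set, namely the proposed INVALID_REQUEST failure and the ignore-and-warn alternative. The function names, the `strict` switch, the sample values and the prefix-based ticket detection are assumptions made for illustration.

```python
import logging
from xml.sax.saxutils import escape

log = logging.getLogger("cas.validate")
CAS_NS = "http://www.yale.edu/tp/cas"


def failure(code, message):
    """Build a CAS 2.0 authenticationFailure response body."""
    return (f'<cas:serviceResponse xmlns:cas="{CAS_NS}">'
            f'<cas:authenticationFailure code="{code}">{escape(message)}'
            f'</cas:authenticationFailure></cas:serviceResponse>')


def check_proxy_validate(params, strict=True):
    """Check the parameter set of a /proxyValidate request.

    Returns (error_xml_or_None, effective_renew).
    strict=True  : proxy ticket + renew fails with INVALID_REQUEST (the proposal).
    strict=False : renew is dropped and a warning is logged (the alternative).
    """
    ticket = params.get("ticket", "")
    if not ticket or not params.get("service"):
        return failure("INVALID_REQUEST", "service and ticket are required"), False

    # The spec text says "if this parameter is set", so presence counts as set.
    renew = "renew" in params

    # Assumption: the ticket kind is inferred from the conventional "PT-" prefix.
    # A real server would look the ticket up in its registry instead.
    is_proxy_ticket = ticket.startswith("PT-")

    if is_proxy_ticket and renew:
        if strict:
            return failure("INVALID_REQUEST",
                           "renew cannot be combined with a proxy ticket"), False
        log.warning("renew ignored for proxy ticket on /proxyValidate")
        return None, False

    # Service ticket: renew keeps its /serviceValidate meaning and is passed on.
    return None, renew


if __name__ == "__main__":
    # Constructed sample request, not taken from the thread.
    req = {"service": "https://app.example.org/", "ticket": "PT-1-abc", "renew": "true"}
    print(check_proxy_validate(req, strict=True)[0])
```
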