Gokhan,

Are you asking how to reuse a ST or are you asking how to prevent someone reusing a ST?
I will answer the second. ST lifetime is short (10 seconds by default, I think). Once a ST has been submitted to CAS for validation (step 4 below) or the ticket lifetime has passed, CAS will mark the ST as expired and it can no longer be used.

Ray

On 2017-01-05 04:14, Gokhan Mansuroglu wrote:
> Hi,
>
> I have an additional requirement for CAS protocol. I will simplify the
> protocol just to explain my case;
>
> 1. Client tries to access /https://app.example.com/
> 2. Browser redirected to
> /https://cas.example.com/cas/login?service=https://app.example.com/
> 3. User authenticates with username and password and redirected to
> /https://app.examle.com?*ticket=ST-xxx*/
> 4. The app sends a validation request and gets the authentication
> information.
>
> Let's say you want to be able to use the service ticket multiple times.
> Then whoever has the link */https://app.examle.com?ticket=ST-xxx/* can
> successfully log in the application which results in a very risky situation.
>
> What is your solution to this problem?
>
> Thank you very much.
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C023
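
The single-use and lifetime checks described in the reply above, as an added Python sketch that is not part of the original thread and is not CAS's own code. The `ServiceTicketRegistry` class, its method names and the fake clock are hypothetical; the 10-second lifetime is the default mentioned in the reply, and the service-URL match on validation goes beyond the thread and follows the CAS protocol specification.

```python
import secrets
import time

ST_LIFETIME_SECONDS = 10  # assumption: the default lifetime mentioned in the reply


class ServiceTicketRegistry:
    """Toy in-memory registry (hypothetical; not the CAS implementation)."""

    def __init__(self, lifetime=ST_LIFETIME_SECONDS, clock=time.monotonic):
        self._lifetime = lifetime
        self._clock = clock
        self._tickets = {}  # ticket id -> (service, user, issued_at)

    def grant(self, service, user):
        """Step 3: issue an unguessable ST bound to one service URL."""
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (service, user, self._clock())
        return ticket

    def validate(self, ticket, service):
        """Step 4: return the user once, then never again for this ticket."""
        # pop() consumes the ticket on the first attempt, whether it passes or fails
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None  # unknown or already used
        issued_for, user, issued_at = entry
        if self._clock() - issued_at > self._lifetime:
            return None  # lifetime has passed
        if issued_for != service:
            return None  # ticket was granted for a different service
        return user


def demo():
    now = [0.0]  # constructed fake clock so the demo needs no sleeping
    reg = ServiceTicketRegistry(clock=lambda: now[0])
    svc = "https://app.example.com/"
    st = reg.grant(svc, "gokhan")
    first = reg.validate(st, svc)    # the app's validation request
    replay = reg.validate(st, svc)   # someone reusing the same link
    stale = reg.grant(svc, "gokhan")
    now[0] += 11                     # link sits unused past the lifetime
    late = reg.validate(stale, svc)
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```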
