On 05/12/2018 10:43, Catalin Dobrea wrote:
- Is this long term authentication sensitive to IP changes?
Yes.
Cf
https://github.com/apereo/cas/blob/master/core/cas-server-core-cookie-api/src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java#L81-L84
- How can this be bypassed? - I scrolled through cas.properties to see
anything that might tweak this scenario but I was unable to identify any of
those
Switching from DefaultCasCookieValueManager to NoOpCookieValueManager will
bypass the IP check.
An easy way to do this should be cas.tgc.crypto.enabled=false
(not tested on 5.x, we've done it on 4.2.x, but it is similar but different)
Refs:
- https://github.com/apereo/cas/blob/master/core/cas-server-core-cookie/src/main/java/org/apereo/cas/web/config/CasCookieConfiguration.java#L48
- https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#signing--encryption-5
--
Pascal Rigaux
Expert in application development and deployment
DSIUN-SAS (applications and digital services department)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 407 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tel: 01 44 07 86 59
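
Added example, not part of the original message and not CAS source code: a simplified Python model of the trade-off described in the reply above, where turning cookie crypto off also swaps the IP-checking cookie manager for a pass-through one. The class names, the "id@ip@signature" layout, the HMAC-only protection and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment uses its own generated keys.
SIGNING_KEY = b"constructed-demo-key"


class BoundCookieManager:
    """Model of an IP-bound, signed cookie value (layout is an assumption)."""

    def build(self, tgt_id, client_ip):
        payload = f"{tgt_id}@{client_ip}"
        return f"{payload}@{self._sign(payload)}"

    def obtain(self, cookie, client_ip):
        payload, _, sig = cookie.rpartition("@")
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None  # tampered or unsigned value
        tgt_id, _, issued_ip = payload.rpartition("@")
        if issued_ip != client_ip:
            return None  # client address changed since the cookie was issued
        return tgt_id

    @staticmethod
    def _sign(payload):
        return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


class PassThroughCookieManager:
    """Model of a no-op manager: nothing bound, nothing verified."""

    def build(self, tgt_id, client_ip):
        return tgt_id

    def obtain(self, cookie, client_ip):
        return cookie


def select_manager(crypto_enabled):
    # Mirrors the switch described in the reply: disabling cookie crypto
    # also replaces the IP-checking manager with the pass-through one.
    return BoundCookieManager() if crypto_enabled else PassThroughCookieManager()


def login_then_roam(crypto_enabled, issued_ip="192.0.2.10", later_ip="198.51.100.7"):
    """Return (result from the issuing IP, result from a new IP) for one cookie."""
    manager = select_manager(crypto_enabled)
    cookie = manager.build("TGT-1-constructed", issued_ip)
    return manager.obtain(cookie, issued_ip), manager.obtain(cookie, later_ip)
```

In this model, login_then_roam(True) rejects the cookie after the address change, while login_then_roam(False) accepts it from any address: the roaming user keeps the session, and so does anyone else who presents the same cookie value.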