Hi Pascal, Thank you very much! Will have to check your solution, wooow, if just by disabling crypto on the TGC will work that would be awesome since no changes should be required I enabled crypto on many flows on CAS so definitely I should give it a try.
On Thursday, December 6, 2018 at 10:45:51 AM UTC+1, Pascal Rigaux wrote: > > On 05/12/2018 10:43, Catalin Dobrea wrote: > > - Is this long term authentication sensible to IP changes? > > Yes. > > Cf > https://github.com/apereo/cas/blob/master/core/cas-server-core-cookie-api/src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java#L81-L84 > > > > - How this can be bypassed? - I scrolled thorough cas.properties to > see anything that might tweak this scenario but I was unable to identify > any of those > > Switching from DefaultCasCookieValueManager to NoOpCookieValueManager will > bypass ip check. > An easy way to do should be cas.tgc.crypto.enabled=false > (not tested on 5.x, we've done it on 4.2.x, but it is similar but > different) > > Réfs : > - > https://github.com/apereo/cas/blob/master/core/cas-server-core-cookie/src/main/java/org/apereo/cas/web/config/CasCookieConfiguration.java#L48 > > - > https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#signing--encryption-5 > > > -- > Pascal Rigaux > > Expert en développement et déploiement d'applications > DSIUN-SAS (service applications et services numériques) > Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF) > B 407 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE > Tél : 01 44 07 86 59 > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e997acba-1b89-492e-bcee-2c51035a6271%40apereo.org.
