Ganesh, Was the place where the name was displayed a CAS page or was it the client application?
Was it the same browser (after User1 logged out)? Were both users active at the same time, perhaps behind a common router? Ray On Tue, 2019-03-05 at 19:01 -0800, Ganesh Prasad wrote: Hi all, This is a serious issue, and I think it may have something to do with caching. I have a user (say User1), who logs into CAS using delegated authentication against an external IdP using pac4j. I have another user (say User2), who belongs to a different organisation, and who logs into CAS using a local LDAP username and password. Today, User2 logged in and saw User1's name displayed on the screen. I assume that the rest of the profile (based on the SAML token) was also that of User1. Needless to say, this is a serious issue. The problem could not be reproduced, but we have screenshots that prove that User2 did see User1's name on screen. They had no idea such a user even existed until they saw it on screen. Any ideas why this could be happening? Is there a simple setting to turn off caching somewhere? I'm hoping it's something as simple as that. Regards, Ganesh -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1551890422.3520.35.camel%40uvic.ca.
