Hello All, As the subject shows, I'm trying to figure out a way to strip the Service Ticket out of the browser URL after a user has been authenticated and allowed to access a resource. Everything seems to be working properly in terms of functionality for the user, but the Service Ticket is still present. The CAS Protocol Diagram <https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol.html> indicates that it should be stripped off after the protected service validates the ST, but that's not happening in my case.
My service is using Spring Boot with *spring-security-cas*, so please let me know if I'm in the wrong place. I'm not sure how much interplay exists between Spring and CAS for this client module, but I've seen some very helpful responses here before so I thought I'd try. I even tried to specifically set the Artifact Parameter in the ServiceProperties bean to "ticket" (even though it should be that by default), but nothing changed. I've also looked through the spring-security-cas <https://github.com/spring-projects/spring-security/tree/master/cas> code and haven't come across any code that would be removing the ticket. This is creating some problems with routing in the front end, so I'd appreciate some advice on how to do this and send the 302 to the proper URL (without the ticket parameter). Thanks in advance! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/37ffdf33-c267-4166-973d-15fd45766a4b%40apereo.org.
