Hi I have a remark concerning the webflow of CAS when using OpenID.
When a user wants to log in with OpenID, (s)he enters the state OpenIdSingleSignOnAction where the actionbean OpenIdSingleSignOnAction is executed. When an error is returned in this method, the webflow will redirect the user to the viewLoginForm. If now, you log in with another user on the redirected viewLoginForm after the error, this users credentials will be used to validate the other user his OpenID-account. I would think it is wrong to redirect to the viewLoginForm after an error occured in the OpenIdSingleSignOnAction. Johan Peeters _________________________________________________________________ Je hele online leven op één stek met Windows Live http://www.microsoft.com/belux/nl/windows/windowslive/default.aspx -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
