Hi, I want to prevent the following situation.
Problem:

STEP 1:
User A: logs in to service http://example.service.com
http://example.service.com redirects to CAS.

STEP 2:
User A: logs in and is redirected to CAS.
http://example.service.com?ticket=newTicket1
CAS sets cookie.

STEP 3:
User A throws the ticket away and returns to the service, automated!
Service redirects to CAS.
CAS redirects to service + ticket.
Infinite loop!
User A throws the ticket away and returns to the service, automated!
Service redirects to CAS.
CAS redirects to service + ticket.

Solution:

New table with the following values: Ticket Granting Ticket id, RegisteredService, TimeStamp, #timesUsedSinceTimeStamp.

TimeStamp: This is set every x amount of seconds/minutes.

pseudo code
<code>
// X: the maximum number of uses within a certain time frame
if (TimeStamp > (currentTime - measurementTime)) {
    // still inside the current measurement window
    RegisteredService.timesUsedSinceTimeStamp += 1;
} else {
    // window expired: start a new one and restart the count
    TimeStamp = currentTime;
    RegisteredService.timesUsedSinceTimeStamp = 1;
}
if (RegisteredService.timesUsedSinceTimeStamp > X) {
    redirect to ErrorPage
    REPORT TO ADMIN
}
</code>

I am planning to implement this solution this week. The source code will be posted. I would just like to hear your advice on how to implement this solution, so you don't have to change much if you want to import it into CAS. <== goal

Kind regards,
Danny
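A sketch of the per-(TGT, service) counter described in the post, added here as an example and not Danny's code or part of CAS. The class and method names are hypothetical, the table is an in-memory map instead of a database table, and the clock is passed in so the demo can use constructed timestamps.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Fixed-window count of service tickets issued per (TGT id, service) pair. */
public class TicketLoopGuard {
    /** Immutable row: the post's TimeStamp and #timesUsedSinceTimeStamp. */
    private static final class Window {
        final long start;
        final int used;
        Window(long start, int used) { this.start = start; this.used = used; }
    }

    private final Map<List<String>, Window> table = new ConcurrentHashMap<>();
    private final long windowMillis; // the post's measurementTime
    private final int maxUses;       // the post's X

    public TicketLoopGuard(long windowMillis, int maxUses) {
        this.windowMillis = windowMillis;
        this.maxUses = maxUses;
    }

    /** Counts one ticket request; false means "show the error page and alert". */
    public boolean allow(String tgtId, String service, long now) {
        Window w = table.compute(List.of(tgtId, service), (key, old) ->
            (old == null || now - old.start >= windowMillis)
                ? new Window(now, 1)                    // new or expired window
                : new Window(old.start, old.used + 1)); // same window
        return w.used <= maxUses;
    }

    /** Drops expired rows so the table does not grow without bound. */
    public void purge(long now) {
        table.values().removeIf(w -> now - w.start >= windowMillis);
    }

    public static void main(String[] args) {
        TicketLoopGuard guard = new TicketLoopGuard(10_000, 5);
        String tgt = "TGT-1-constructed", svc = "http://example.service.com";
        long t = 0; // constructed clock, in milliseconds
        for (int i = 1; i <= 8; i++, t += 100) { // looping client: one request per 100 ms
            System.out.println("request " + i + " allowed=" + guard.allow(tgt, svc, t));
        }
        // Another service under the same TGT has its own counter.
        System.out.println("other service allowed=" + guard.allow(tgt, "http://other.example.com", t));
        // Once the window has passed, the first service starts a fresh count.
        System.out.println("after window allowed=" + guard.allow(tgt, svc, 10_000));
        guard.purge(30_000);
    }
}
```

Because the update happens inside `ConcurrentHashMap.compute`, concurrent requests for the same TGT and service cannot lose increments, which matters when the loop is driven by an automated client.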
