> I have tested the scenario on 'renew' function: > 1. logon to app1 though CAS, get TGC1 (user1) > 2. logon to app1 use 'renew' through CAS again, get TGC2 (user2). > 3. go to app2 (protected by CAS), get user2 authorized info. > > The TGC2 will replace the first TGC1 in browser cookie. > > Is that the proper behavior for 'renew' function?
The behavior you described is correct, but it's not the renew workflow. For renew, you re-enter the credentials for user1, in which case you will _not_ be issued a new TGT. Regardless of the renew parameter, every time you authenticate with new credentials you will be issued a new TGT. This explains the new TGT when you authenticated as user2. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
