Hi cas-users,
I'm currently upgrading a CAS instance from version 3.3.5 to 3.4.2.1,
and have noticed a change to the format of the login tickets (ie, the
hidden field "lt" in the login form which is used to prevent replaying
credentials).
Previously they were nice and long (76 characters) and looked pretty
random. But since upgrading I'm getting very short login tickets
generated, and they always follow the same pattern: "e1s1", "e2s1",
"e3s1" etc. The CAS protocol states they should be "probabilistically
unique" which these are not.
I'm not familiar with the spring framework used by CAS, so I'm not sure
sure where to start looking. I have verified this happens with an
uncustomised maven build of 3.4.2.1. Is this intentional, or a bug?
Cheers,
Tim
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
