Hi,

I just want you to confirm whether the following behavior is correct during a /cas/login request:

1. A fresh /cas/login gets a new CAS TGT.
2. Wait a moment to let the TGT expire (I have set my grantingTicketExpirationPolicy value to 30 seconds).
3. A request for /cas/login gives me a message that I have successfully authenticated.

A variation of step 3 with a service URL parameter gives me a login form to enter my credentials.

Shouldn't the request for /cas/login with an invalid TGT always give me a login form but never say I have successfully authenticated?

I have read the protocol spec from http://www.jasig.org/cas/protocol but found no concrete answer for this scenario. Maybe someone could clarify this topic?

P.S. I tested this with clean CAS server packages (versions 3.4.2, 3.4.3.1). The only modification I made was setting the value for grantingTicketExpirationPolicy to 30 seconds.

Thanks,
Frank
