It's the correct behavior. The only time a TGT is checked for validity is when you actually try and use it. The definition of use includes actually attempting to access a service.

Cheers,
Scott

On Thu, Dec 2, 2010 at 11:55 AM, Frank Taffelt <[email protected]> wrote:
> Hi,
>
> I just want you to confirm if the following behavior is correct during a
> /cas/login request:
>
> 1. fresh /cas/login gets a new cas TGT
> 2. wait a moment to let the TGT expire (I have set my
>    grantingTicketExpirationPolicy value to 30 seconds)
> 3. request for /cas/login gives me a message that I have successfully
>    authenticated
>
> A variation of step 3 with a service URL parameter gives me a login form to
> enter my credentials.
>
> Shouldn't the request for /cas/login with an invalid TGT always give me a
> login form but never say I have successfully authenticated?
>
> I have read the protocol spec from http://www.jasig.org/cas/protocol but
> found no concrete answer for this scenario. Maybe someone could clarify on
> this topic?
>
> P.S. I tested this with clean cas server packages (versions 3.4.2, 3.4.3.1).
> The only modification I made was setting the value for
> grantingTicketExpirationPolicy to 30 seconds.
>
> Thanks,
> Frank
