yes - when attempting to access the service it shows the expected login screen.
confirming that the authentication succeed with an already expired TGT seems not intuitive to me. i understood the spec in the following way: "a login screen or something similiar is requested when the user doesn't have a valid TGT". but good to know it's not a bug ... Cheers, Frank On 02.12.2010 18:09, Scott Battaglia wrote: > Its the correct behavior. The only time a TGT is checked for validity > is when you actually try and use it. The definition of use includes > actually attempting to access a service. > > Cheers, > Scott > > On Thu, Dec 2, 2010 at 11:55 AM, Frank Taffelt > <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > i just want you to confirm if the following behavior is correct > during a /cas/login request: > > 1. fresh /cas/login gets a new cas TGT > 2. wait a moment to let the TGT expire (i have set my > grantingTicketExpirationPolicy value to 30 seconds) > 3. request for /cas/login gives me a message that i have > successfully authenticated > > a variation of step 3 with a service URL parameter gives me a > login form to enter my credentials. > > shouldn't the request for /cas/login with an invalid TGT always > gives me a login form but never say i have successfully > authenticated ? > > i have read the protocol spec from > http://www.jasig.org/cas/protocol but found no concrete answer for > this scenario. Maybe someone could clarify on this topic? > > P.S. i tested this with clean cas server packages (versions > 3.4.2,3.4.3.1) . the only modifications i made to the value for > grantingTicketExpirationPolicy set to 30 seconds. > > Thanks, > Frank > > -- > > > > > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- Frank Taffelt | Softwareentwickler | interface projects GmbH Zwinglistraße 11/13 | 01277 Dresden | Deutschland Tel: +49-351-31809-37 | Fax: +49-351-3361187 http://www.intergator.de Geschäftsführer: Dr. Uwe Crenze, Dr. Hellfried Lohse Amtsgericht Dresden HRB 8740 Ein Unternehmen der interface:business Gruppe Diese E-Mail kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail und ihrer Inhalteist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended addressee or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
