CAS uses the currently active session when navigating through the web flow.
There is no support for multiple single sign on sessions within a single
user agent. If you want a session to replace another session you must
either (a) log out of the first session or (b) use renew=true.
It is, however, erroneous of us to report that the second attempt at
authentication actually did something. We should be detecting a POST,
without renew, and with a TGT as an exception.
On Sun, Mar 27, 2011 at 11:55 AM, Vivek Singh CHAUHAN <vivekchauhan.vc@gmail.com> wrote:
> Thanks Marvin for providing the information, it helped me a lot.
>
> I checked the headers using a proxy tool and found that the CASTGC cookie is
> being sent from the browser.
>
> Also, on the CAS server side I debugged the code and found that the cookie is
> being received as well.
>
> The code you have explained is perfect and works as you explained.
>
> The case where it does not work (because the request never reaches this code) is
> the scenario I explained initially.
>
> What happens is, when we open two login forms in two tabs of the same browser,
> InitialFlowSetupAction sets the value of CASTGC as NULL in flow scope for both
> of the forms.
> When we try to authenticate from the first page it works fine, as this is a first
> time authentication and a fresh TGT is generated for it.
> The issue comes when the second page is submitted for authentication with
> different user credentials.
> For this page the value of CASTGC was set as NULL in flow scope by
> InitialFlowSetupAction when it was first opened,
> but at the time when it was submitted for authentication, the CASTGC cookie was
> set for the first page's TGT.
> In SendTicketGrantingTicketAction the value of CASTGC received is NULL
> because it was set by InitialFlowSetupAction and was never checked again
> in AuthenticationViaFormAction and hence this behaviour.
>
> If we set the value of CASTGC again in flow scope inside the
> AuthenticationViaFormAction.submit method, by checking if it's not already set
> in flow scope,
> then the solution will be more effective and would work in all cases.
>
> I implemented the same and tested it and it works fine. The changes I made
> are as follows:
>
> 1. In cas-servlet.xml I changed the bean for authenticationViaFormAction
> from
>
> <bean id="authenticationViaFormAction"
>       class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
>       p:centralAuthenticationService-ref="centralAuthenticationService"
>       p:warnCookieGenerator-ref="warnCookieGenerator"/>
>
> to
>
> <bean id="authenticationViaFormAction"
>       class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
>       p:centralAuthenticationService-ref="centralAuthenticationService"
>       p:warnCookieGenerator-ref="warnCookieGenerator"
>       p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>
>
> 2. Added the following code in the AuthenticationViaFormAction.submit method:
>
> // Flow scope holds no TGT id: re-read the CASTGC cookie from the current request
> if (ticketGrantingTicketId == null) {
>     final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
>     context.getFlowScope().put("ticketGrantingTicketId",
>         this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
> }
>
> Kindly suggest if you see any issues due to this.
>
> Best Regards,
> Vivek
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
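
The two-tab sequence discussed in this thread, as an added plain-Java model that is not CAS code and was not posted by either participant. It combines re-reading the cookie at submit time with the check for a POST that carries a TGT without renew; the class, method and enum names are hypothetical, and the ticket value is constructed.

```java
import java.util.HashMap;
import java.util.Map;

/** Constructed model of the two-tab case; not CAS code. All names are hypothetical. */
public class StaleLoginFormCheck {

    /** Outcome of the guard applied when a login form is submitted. */
    enum Decision { AUTHENTICATE, REJECT_ACTIVE_SESSION }

    /** Models the flow-setup step at form render time: snapshot the cookie into flow scope. */
    static Map<String, String> renderForm(String castgcCookie) {
        Map<String, String> flowScope = new HashMap<>();
        flowScope.put("ticketGrantingTicketId", castgcCookie); // null when no SSO session yet
        return flowScope;
    }

    /**
     * Guard for a credential POST: use the cookie on this request when the
     * render-time snapshot is empty, then treat "TGT present, no renew" as an error.
     */
    static Decision onSubmit(Map<String, String> flowScope, String castgcCookie, boolean renew) {
        String snapshot = flowScope.get("ticketGrantingTicketId");
        if (snapshot == null && castgcCookie != null) {
            // Stale form: a session was created after this form was rendered.
            flowScope.put("ticketGrantingTicketId", castgcCookie);
        }
        boolean sessionActive = flowScope.get("ticketGrantingTicketId") != null;
        return (sessionActive && !renew) ? Decision.REJECT_ACTIVE_SESSION : Decision.AUTHENTICATE;
    }

    public static void main(String[] args) {
        String cookie = null;                          // cookie jar shared by both tabs
        Map<String, String> tabA = renderForm(cookie); // both forms rendered before any login
        Map<String, String> tabB = renderForm(cookie);

        System.out.println("tab A submit: " + onSubmit(tabA, cookie, false));
        cookie = "TGT-1-constructed";                  // constructed value, set once tab A logs in

        // Tab B still holds a null snapshot, but its POST now carries the cookie.
        System.out.println("tab B submit: " + onSubmit(tabB, cookie, false));
        System.out.println("tab B submit, renew=true: " + onSubmit(tabB, cookie, true));
    }
}
```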