You're quite behind on your CAS versions so any help we give will be limited.
Its possible the "error" state of the flow is pointing to displaying the credentials form if the TGT is expired instead of where collecting credentials starts. You can try adjusting that. Cheers, Scott On Wed, Mar 30, 2011 at 8:58 AM, J Lopez <[email protected]> wrote: > Hi, > > I have a working CAS server (version 3.2) that uses SPNEGO,X509 > certificates and JAAS Autentication against kerberos (login creedentials > view). > When a TGT is expired due TimeOutPolicy (default time 2 hours) the full > autentication flow is not triggered and user ends in the login creedentials > form. > My problem is that regulars users (80% of staff) does not have > creedentials enabled, they use certificates and/or SPNEGO authentication. > > We are using a workaround of closing the browser and trying again an > access to the application then a correct login flow is executed and user log > into the application using SPNEGO or certificates. > > Is there a method to prevent this behaviour when TGT expires? > Our security policies does not allow us to extend TGT timeout policy > Is issue CAS-686 related to this? > > > thanks in advance. > -- > Saludos. > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
