Folks,
I am working with CAS 3.4.11. While testing combinations of "service" and "renew" parameters that belong to the "/login" URI, I noticed that when a single sign-on session exists, the renew parameter only requires the client to present credentials when the service parameter is also specified. If only "renew=true" is passed to "/login", then the user always faces the "login successful" without being asked to present credentials. Is this behavior not in contrast with the CAS protocol where both renew and service parameters are defined as optional? In the description of the renew parameter in the CAS protocol, I couldn't find a requirement for the service. I want to make sure that the behavior I described is in fact intended and is in alignment with the CAS protocol. Regards, -Misagh -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
