> If only > “renew=true” is passed to “/login”, then the user always faces the “login > successful” without being asked to present credentials.
I would argue that is consistent with the intent of the protocol document if not the precise letter. The purpose of renew is to require authentication when accessing a service. Since the user has not requested access to a service by virtue of omitting the service parameter, the server does not attempt to authenticate the user. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
