Hello all,
I 've noticed the following behavior when trying to re-authenticate
(renew=true) to CAS server (v3.5.1):
The first time that the user accesses CAS login page and enters his
credentials, everything works as expected.
The problem is that whenever the user tries to re-authenticate
(renew=true), after submitting his credentials, he is redirected back to
login page even though his credentials are valid. Restarting CAS server
does not solve the problem. The only way to re-authenticate is to delete
cookies from the browser and then everything works ok but for the first
time again.
The problem, AFAICT, seems to be the terminateWebSessionListener and
its default timeToDieInSeconds value (2 sec).
It seems that, when the user already has a cookie in his browser,
timeToDieInSeconds is the time frame that the user has to enter and
submit his credentials from the moment that he accesses the login page.
Increasing timeToDieInSeconds seems to be a solution/workaround, but I
don't know if there are any side effects...
Is there anyone else that has noticed the same behavior?
Thanks in advance,
Pavlos
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
