All,

About a month and a half ago, just before Christmas Break, we noticed that a few 
users had a great deal of login attempts/re-validations to a specific 
application.  When I say great deal, I mean somewhere in the range of 6 to 7k 
login attempts in about a 1-hour time frame, by one user.  Prior to this 
happening, we had discovered some issues with the way Firefox and Chrome format 
URLs that was causing us some issues.  The URL formatting issue we found was 
that one browser would leave the leading / at the end of the URL and one 
wouldn't.  When testing between browsers we noticed that if we had the Service 
URL configured with the leading / in the URL, one of the browsers would fail to 
authenticate with the "This Application is not authorized to use CAS".  We 
decided to try and remedy this by adding ** at the end of the URL so that no 
matter if the leading / was there or not, it would allow the application to 
authenticate.  This seemed to resolve our issue, but now we are seeing a great 
deal of logins from users accessing only this Application.

So, my question is, by adding the ** to the end of the URL, is that forcing 
everything on the page that is loaded to re-validate against the CAS because 
the ant matching is saying "validate anything past this point"?

Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA

100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.edu | www.uco.edu
