Hey all,

I wanted to share an issue I found and the fix so that perhaps someone
in the community can benefit. Moodle's CAS auth code (in version 2.6 and
likely others) requests a gateway authN request immediately before
requesting the standard authN request. In theory this causes two Java
web sessions to be created and ended, but in some cases (when the
request and responses have little latency) the first session hasn't
ended yet because it's on a 2 second delay before exploding.

In this latter case, the Login form is shown and the session expires
while the user is typing in their credentials.

The fix from the CAS Server side is actually pretty simple. In the
cas-servlet.xml file, the terminateWebSessionListener bean's
timeToDieInSeconds property needs to be set to zero (0), like this:

<bean id="terminateWebSessionListener"
      class="org.jasig.cas.web.flow.TerminateWebSessionListener"
      p:serviceManagerUrl="${cas.securityContext.serviceProperties.service}"
      p:timeToDieInSeconds="0" />

Then the session dies immediately after the webflow ends instead of
waiting two seconds. I don't know if there is a downside to making this
change or not, but so far it has worked for two client applications (one
Moodle and one was custom).

If someone wants to see a detailed explanation of what is going on, then
you can see my blog posting at
https://www.unicon.net/about/blog/moodles-race-with-cas-server.

-- 
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
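
The race described in the post, as a simplified timing model. This is an added example, not part of the original message and not CAS or Moodle code. The `ModelServer` class, `simulate` function and the timing values are assumptions made for illustration; the model assumes the browser keeps using the gateway request's session while it is still valid and that the scheduled termination is not cancelled.

```python
# Simplified model of the race in the post above; not CAS or Moodle source code.
from dataclasses import dataclass
from itertools import count
from typing import Optional

@dataclass
class Session:
    sid: int
    dies_at: Optional[float] = None  # time the container invalidates the session

    def alive(self, now: float) -> bool:
        return self.dies_at is None or now < self.dies_at

class ModelServer:
    """Toy container holding the one session tied to a browser's cookie."""

    def __init__(self, time_to_die: float):
        self.time_to_die = time_to_die  # stands in for timeToDieInSeconds
        self._ids = count(1)
        self.current: Optional[Session] = None

    def _session(self, now: float) -> Session:
        # Reuse the cookie's session while it is valid, otherwise start a new one.
        if self.current is None or not self.current.alive(now):
            self.current = Session(next(self._ids))
        return self.current

    def gateway_request(self, now: float) -> Session:
        # The gateway flow ends at once and schedules the session's termination.
        s = self._session(now)
        s.dies_at = now + self.time_to_die
        return s

    def login_form(self, now: float) -> Session:
        # The standard authN request renders the form inside the current session.
        return self._session(now)

def simulate(time_to_die: float, latency: float, typing_time: float) -> dict:
    """Gateway request at t=0, login form at t=latency, submit after typing."""
    srv = ModelServer(time_to_die)
    gateway = srv.gateway_request(0.0)
    form = srv.login_form(latency)
    return {
        "reused_gateway_session": form.sid == gateway.sid,
        "login_ok": form.alive(latency + typing_time),
    }
```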
