I confirm that changing ticketGrantingTicketExistsCheck to
viewLoginForm seems to work for me.
Kevin
On 21 Jan 2008, at 17:52, Sewell K H (LCSS) wrote:
Can't rely on me, sorry, I don't really know what I'm doing yet.
I found that if a user has already authenticated with CAS (say, via
mod_auth_cas), and then revisits the CAS server via an OpenID
relying party, the CAS server will verify any URL.
I guessed that this is because the Principals are different (so
"error" in the openIdSingleSignOnAction), and so
"ticketGrantingTicketExistsCheck", which will exist as a user has
already authenticated (?). I'm not familiar with webflow though, so
I don't know if the problem is further on down, e.g.,
"renewRequestCheck".
Anyway, eventually the user should probably re-authenticate
("viewLoginForm") if the Principals are different. Also, all the
other "error"s in login-webflow.xml are "viewLoginForm".
Cheers,
Kevin
On 21 Jan 2008, at 16:30, Scott Battaglia wrote:
You're definitely right about the incorrect
CredentialsToPrincipalResolver. I've updated our wiki about that.
I can't recall the other thing off the top of my head and I'm not
set up to test it right now. I'm guessing you have?
-Scott
On Jan 21, 2008 10:52 AM, Sewell K H (LCSS) <[EMAIL PROTECTED]>
wrote:
Hi,
I've read and followed http://www.ja-sig.org/wiki/display/CASUM/OpenID
.
I'm a bit of a noob, so could you confirm that this:
<action-state id="openIdSingleSignOnAction">
<action bean="openIdSingleSignOnAction" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="ticketGrantingTicketExistsCheck" />
<transition on="warn" to="warn" />
</action-state>
is supposed to be, or is more properly:
<action-state id="openIdSingleSignOnAction">
<action bean="openIdSingleSignOnAction" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
<transition on="warn" to="warn" />
</action-state>
and this:
<bean
class
=
"org
.jasig
.cas
.support
.openid
.authentication.principal.OpenIdCredentialsAuthenticationHandler" />
is supposed to be:
<bean
class
=
"org
.jasig
.cas
.support
.openid
.authentication.principal.OpenIdCredentialsToPrincipalResolver" />
Thanks,
Kevin
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
