Technically the spec says we just need to check principals since one of the assumptions is that your userbase can be distinguished. However, the old authentication metadata may not be valid if you've logged in via a different method.

Can you open a JIRA enhancement request for this and I'll take a look at it?

Thanks
-Scott

On Thu, May 29, 2008 at 6:51 PM, Larry Symms <[EMAIL PROTECTED]> wrote:

> Larry Symms wrote:
> > If the renew flag is set and the user logs into CAS a second time using
> > another method than the original the old authentication metadata is
> > still sent to the app in response to the ST if the user names match.
> > This is an issue if you're accepting authN from multiple domains that
> > may have overlapping user names. What should happen is that the old
> > authentication metadata should only be returned if the user and
> > authenticationMethod both match. Otherwise a new TGT should be issued.
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
> bump
>

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
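
The renew decision discussed in this thread, as an added example that is not part of the original messages and is not CAS code: a simplified model comparing session reuse keyed on the user name alone with reuse keyed on user name and authenticationMethod. The class names, handler names and attribute values are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Authentication:
    principal: str        # user name as seen by the application
    method: str           # stands in for the authenticationMethod attribute
    domain: str           # constructed extra metadata tied to the login source

@dataclass
class TicketGrantingTicket:
    id: str
    authentication: Authentication

_ids = count(1)

def new_tgt(auth):
    return TicketGrantingTicket(f"TGT-{next(_ids)}", auth)

def renew_principal_only(tgt, fresh):
    """Model of the reported behaviour: reuse the TGT when user names match."""
    if tgt.authentication.principal == fresh.principal:
        return tgt                      # old metadata survives the second login
    return new_tgt(fresh)

def renew_principal_and_method(tgt, fresh):
    """Model of the proposed behaviour: user AND authenticationMethod must match."""
    old = tgt.authentication
    if (old.principal, old.method) == (fresh.principal, fresh.method):
        return tgt
    return new_tgt(fresh)               # otherwise a new TGT is issued

def validation_response(tgt):
    """Metadata an application would receive when validating an ST from this TGT."""
    a = tgt.authentication
    return {"user": a.principal, "authenticationMethod": a.method, "domain": a.domain}

# Constructed scenario: two domains with an overlapping user name.
FIRST = Authentication("jsmith", "domain-a-ldap", "a.example")
SECOND = Authentication("jsmith", "domain-b-ldap", "b.example")

def scenario(renew):
    tgt = new_tgt(FIRST)                # initial login through domain A
    return validation_response(renew(tgt, SECOND))  # renew=true via domain B

if __name__ == "__main__":
    print("principal only      :", scenario(renew_principal_only))
    print("principal and method:", scenario(renew_principal_and_method))
```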
