For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1
(as per instructions here:
http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
has anyone ever experienced the situation where users get into
Confluence as the wrong user?

The basic scenario is:
1. User makes initial request to https://wiki.our.site/dashboard.action, 
and is taken to our 'public' wiki page (i.e., unauthenticated users can 
see the initial dashboard page)
2. User clicks the 'Log In' link from the Confluence dashboard page
3. User is redirected to the CAS login page
4. User enters their own username and password and logs in through CAS
5. User is taken into Confluence as another user entirely (i.e., the 
Dashboard shows the wrong user name, and the user is in another user's 
permission scheme - can see content they shouldn't see, and can't see 
content they should see)

I am currently unable to reproduce the problem at will, but we have had 
two users experience this in the past week (that we're aware of; I 
suspect there have probably been other occurrences we're not aware of, 
though I have yet to find a way to identify this type of situation in 
the logs). In the two cases I'm aware of, the 'wrong' user that the 
person was authenticated into Confluence as had never previously been 
on the client machine that experienced the problem (just FYI). We have 
other applications that are CAS-ified (mixture of PHP and Java clients), 
and we haven't yet seen this behavior on those.

I'd appreciate any help, insight or advice, as this is a pretty serious 
situation for us.

Thanks!

Jim


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
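
One way to look for the wrong-user situation described in the message above, as an added example that is not part of the original post or of the CAS client. It assumes a hypothetical audit log (for instance written by a servlet filter) that records the session ID together with the principal CAS validated and the user the application served; the line format, field names and sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical audit format (not real Confluence/CAS output).
SAMPLE_LOG = """\
2009-03-02T10:15:01 event=cas_validate session=A1F3 principal=jsmith
2009-03-02T10:15:02 event=request session=A1F3 user=jsmith
2009-03-02T10:16:40 event=cas_validate session=B7C9 principal=mlee
2009-03-02T10:16:41 event=request session=B7C9 user=jsmith
2009-03-02T10:20:05 event=request session=C2D4 user=akhan
2009-03-02T10:21:11 event=request session=C2D4 user=mlee
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\w+) session=(?P<sid>\w+) "
    r"(?:principal|user)=(?P<name>\S+)$"
)

def find_identity_mismatches(log_text):
    """Return (timestamp, session, kind, expected, actual) for suspect requests."""
    validated = {}                  # session id -> principal CAS validated for it
    seen_users = defaultdict(list)  # session id -> users served, in order seen
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the audit format
        ts, event, sid, name = m.group("ts", "event", "sid", "name")
        if event == "cas_validate":
            validated[sid] = name
            seen_users[sid] = []    # a fresh login resets the session's history
        elif event == "request":
            expected = validated.get(sid)
            if expected is not None and name != expected:
                # The application served a user other than the one CAS validated.
                findings.append((ts, sid, "principal_mismatch", expected, name))
            elif expected is None and seen_users[sid] and name not in seen_users[sid]:
                # No login recorded, yet the user bound to the session changed.
                findings.append((ts, sid, "user_changed", seen_users[sid][-1], name))
            if name not in seen_users[sid]:
                seen_users[sid].append(name)
    return findings

if __name__ == "__main__":
    for finding in find_identity_mismatches(SAMPLE_LOG):
        print(finding)
```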
