Jim,

If there was a problem, the only place the issue could crop up would be:
https://www.ja-sig.org/svn/cas-clients/java-client/trunk/cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/ConfluenceCasAuthenticator.java

I don't see any problems with the code (other than the double not-null
assertion check).  The majority of it relies on Atlassian-written inherited
code.  If anyone has more experience with Confluence, maybe they could spot
something.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia


On Thu, Jan 15, 2009 at 3:22 PM, Jim Stoll <[email protected]> wrote:

> For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1
> (as per instructions here:
>
> http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1
> ),
> has anyone ever experienced the situation where users get into
> Confluence as the wrong user?
>
> The basic scenario is:
> 1. User makes initial request to https://wiki.our.site/dashboard.action,
> and is taken to our 'public' wiki page (i.e., unauthenticated users can
> see the initial dashboard page)
> 2. User clicks the 'Log In' link from the Confluence dashboard page
> 3. User is redirected to the CAS login page
> 4. User enters their own username and password and logs in through CAS
> 5. User is taken into Confluence as another user entirely (i.e., the
> Dashboard shows the wrong user name, and the user is in another user's
> permission scheme - can see content they shouldn't see, and can't see
> content they should see)
>
> I am currently unable to reproduce the problem at will, but we have had
> two users experience this in the past week (that we're aware of, I
> suspect there have probably been other occurrences we're not aware of,
> though I have yet to find a way to identify this type of situation in
> the logs). In the two cases I'm aware of, the 'wrong' user that the
> person was authenticated into Confluence as, had never previously been
> on the client machine that experienced the problem. (just FYI). We have
> other applications that are CAS-ified (mixture of PHP and Java clients),
> and we haven't yet seen this behavior on those.
>
> I'd appreciate any help, insight or advice, as this is a pretty serious
> situation for us.
>
> Thanks!
>
> Jim
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>