Drupal is PHP so I am using PHPCAS 0.6 I think.
Scott Battaglia wrote:
Are you using the JASIG CAS Client for Java 3.1 also?
Can you post your configuration?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore <[email protected]
<mailto:[email protected]>> wrote:
I have had the same issues when casifying Drupal. It's impossible
to do
it at will, but the user they log in as is usually the last user that
had logged in. I would love to get a final solution and the security
implications are very high.
Adam
Jim Stoll wrote:
> For those CAS-ifying Confluence via the JASIG CAS client for
Java 3.1
> (as per instructions here:
>
http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
> has anyone ever experienced the situation where users get into
> Confluence as the wrong user?
>
> The basic scenario is:
> 1. User makes initial request to
https://wiki.our.site/dashboard.action,
> and is taken to our 'public' wiki page (ie, unauthenticated
users can
> see the initial dashboard page)
> 2. User clicks the 'Log In' link from the Confluence dashboard page
> 3. User is redirected to the CAS login page
> 4. User enters their own username and password and logs in
through CAS
> 5. User is taken into Confluence as another user entirely (ie, the
> Dashboard shows the wrong user name, and the user is in another
user's
> permission scheme - can see content they shouldn't see, and
can't see
> content they should see)
>
> I am currently unable to reproduce the problem at will, but we
have had
> two users experience this in the past week (that we're aware of, I
> suspect there have probably been other occurrences we're not
aware of,
> though I have yet to find a way to identify this type of
situation in
> the logs). In the two cases I'm aware of, the 'wrong' user that the
> person was authenticated into Confluence as, had never
previously been
> on the client machine that experienced the problem. (just FYI).
We have
> other applications that are CAS-ified (mixture of PHP and Java
clients),
> and we haven't yet seen this behavior on those.
>
> I'd appreciate any help, insight or advice, as this is a pretty
serious
> situation for us.
>
> Thanks!
>
> Jim
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
