2.2? So you're still using the Yale version? -Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jan 15, 2009 at 10:26 PM, Adam Moore <[email protected]> wrote:

> Version 2.2
>
> Scott Battaglia wrote:
>
> So two different CAS clients which would mean if there were any problems it
> would be in the CAS server.
>
> Which versions of the server are you guys using?
>
> -Scott Battaglia
>
> On Thu, Jan 15, 2009 at 10:12 PM, Adam Moore <[email protected]> wrote:
>
>> Drupal is PHP so I am using PHPCAS 0.6 I think.
>>
>> Scott Battaglia wrote:
>>
>> Are you using the JASIG CAS Client for Java 3.1 also?
>>
>> Can you post your configuration?
>>
>> -Scott
>>
>> -Scott Battaglia
>>
>> On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore <[email protected]> wrote:
>>
>>> I have had the same issues when casifying Drupal. It's impossible to do
>>> it at will, but the user they log in as is usually the last user that
>>> had logged in. I would love to get a final solution and the security
>>> implications are very high.
>>>
>>> Adam
>>>
>>> Jim Stoll wrote:
>>> > For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1
>>> > (as per instructions here:
>>> > http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
>>> > has anyone ever experienced the situation where users get into
>>> > Confluence as the wrong user?
>>> >
>>> > The basic scenario is:
>>> > 1. User makes initial request to https://wiki.our.site/dashboard.action,
>>> > and is taken to our 'public' wiki page (ie, unauthenticated users can
>>> > see the initial dashboard page)
>>> > 2. User clicks the 'Log In' link from the Confluence dashboard page
>>> > 3. User is redirected to the CAS login page
>>> > 4. User enters their own username and password and logs in through CAS
>>> > 5. User is taken into Confluence as another user entirely (ie, the
>>> > Dashboard shows the wrong user name, and the user is in another user's
>>> > permission scheme - can see content they shouldn't see, and can't see
>>> > content they should see)
>>> >
>>> > I am currently unable to reproduce the problem at will, but we have had
>>> > two users experience this in the past week (that we're aware of, I
>>> > suspect there have probably been other occurrences we're not aware of,
>>> > though I have yet to find a way to identify this type of situation in
>>> > the logs). In the two cases I'm aware of, the 'wrong' user that the
>>> > person was authenticated into Confluence as, had never previously been
>>> > on the client machine that experienced the problem. (just FYI). We have
>>> > other applications that are CAS-ified (mixture of PHP and Java clients),
>>> > and we haven't yet seen this behavior on those.
>>> >
>>> > I'd appreciate any help, insight or advice, as this is a pretty serious
>>> > situation for us.
>>> >
>>> > Thanks!
>>> >
>>> > Jim
>>> >
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > [email protected]
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
