Version 2.2
Scott Battaglia wrote:
So two different CAS clients which would mean if there were any
problems it would be in the CAS server.
Which versions of the server are you guys using?
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 10:12 PM, Adam Moore <[email protected]
<mailto:[email protected]>> wrote:
Drupal is PHP so I am using PHPCAS 0.6 I think.
Scott Battaglia wrote:
Are you using the JASIG CAS Client for Java 3.1 also?
Can you post your configuration?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore <[email protected]
<mailto:[email protected]>> wrote:
I have had the same issues when casifying Drupal. It's
impossible to do
it at will, but the user they log in as is usually the last
user that
had logged in. I would love to get a final solution and the
security
implications are very high.
Adam
Jim Stoll wrote:
> For those CAS-ifying Confluence via the JASIG CAS client
for Java 3.1
> (as per instructions here:
>
http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
> has anyone ever experienced the situation where users get into
> Confluence as the wrong user?
>
> The basic scenario is:
> 1. User makes initial request to
https://wiki.our.site/dashboard.action,
> and is taken to our 'public' wiki page (ie, unauthenticated
users can
> see the initial dashboard page)
> 2. User clicks the 'Log In' link from the Confluence
dashboard page
> 3. User is redirected to the CAS login page
> 4. User enters their own username and password and logs in
through CAS
> 5. User is taken into Confluence as another user entirely
(ie, the
> Dashboard shows the wrong user name, and the user is in
another user's
> permission scheme - can see content they shouldn't see, and
can't see
> content they should see)
>
> I am currently unable to reproduce the problem at will, but
we have had
> two users experience this in the past week (that we're
aware of, I
> suspect there have probably been other occurrences we're
not aware of,
> though I have yet to find a way to identify this type of
situation in
> the logs). In the two cases I'm aware of, the 'wrong' user
that the
> person was authenticated into Confluence as, had never
previously been
> on the client machine that experienced the problem. (just
FYI). We have
> other applications that are CAS-ified (mixture of PHP and
Java clients),
> and we haven't yet seen this behavior on those.
>
> I'd appreciate any help, insight or advice, as this is a
pretty serious
> situation for us.
>
> Thanks!
>
> Jim
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
