Checking again it's esup-cas-server-2.0.5-1
Scott Battaglia wrote:
2.2? So you're still using the Yale version?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 10:26 PM, Adam Moore <[email protected]
<mailto:[email protected]>> wrote:
Version 2.2
Scott Battaglia wrote:
So two different CAS clients which would mean if there were any
problems it would be in the CAS server.
Which versions of the server are you guys using?
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 10:12 PM, Adam Moore
<[email protected] <mailto:[email protected]>> wrote:
Drupal is PHP so I am using PHPCAS 0.6 I think.
Scott Battaglia wrote:
Are you using the JASIG CAS Client for Java 3.1 also?
Can you post your configuration?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore
<[email protected] <mailto:[email protected]>> wrote:
I have had the same issues when casifying Drupal. It's
impossible to do
it at will, but the user they log in as is usually the
last user that
had logged in. I would love to get a final solution and
the security
implications are very high.
Adam
Jim Stoll wrote:
> For those CAS-ifying Confluence via the JASIG CAS
client for Java 3.1
> (as per instructions here:
>
http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
> has anyone ever experienced the situation where users
get into
> Confluence as the wrong user?
>
> The basic scenario is:
> 1. User makes initial request to
https://wiki.our.site/dashboard.action,
> and is taken to our 'public' wiki page (ie,
unauthenticated users can
> see the initial dashboard page)
> 2. User clicks the 'Log In' link from the Confluence
dashboard page
> 3. User is redirected to the CAS login page
> 4. User enters their own username and password and
logs in through CAS
> 5. User is taken into Confluence as another user
entirely (ie, the
> Dashboard shows the wrong user name, and the user is
in another user's
> permission scheme - can see content they shouldn't
see, and can't see
> content they should see)
>
> I am currently unable to reproduce the problem at
will, but we have had
> two users experience this in the past week (that we're
aware of, I
> suspect there have probably been other occurrences
we're not aware of,
> though I have yet to find a way to identify this type
of situation in
> the logs). In the two cases I'm aware of, the 'wrong'
user that the
> person was authenticated into Confluence as, had never
previously been
> on the client machine that experienced the problem.
(just FYI). We have
> other applications that are CAS-ified (mixture of PHP
and Java clients),
> and we haven't yet seen this behavior on those.
>
> I'd appreciate any help, insight or advice, as this is
a pretty serious
> situation for us.
>
> Thanks!
>
> Jim
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
