So multiple CAS server versions and implementations and multiple CAS clients! Ah! I guess we're going to have to wait for more details from whoever is noticing this.
-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jan 15, 2009 at 11:09 PM, Adam Moore <[email protected]> wrote:

> Checking again it's esup-cas-server-2.0.5-1
>
> Scott Battaglia wrote:
>
> 2.2? So you're still using the Yale version?
>
> -Scott
>
> On Thu, Jan 15, 2009 at 10:26 PM, Adam Moore <[email protected]> wrote:
>
>> Version 2.2
>>
>> Scott Battaglia wrote:
>>
>> So two different CAS clients which would mean if there were any problems
>> it would be in the CAS server.
>>
>> Which versions of the server are you guys using?
>>
>> -Scott Battaglia
>>
>> On Thu, Jan 15, 2009 at 10:12 PM, Adam Moore <[email protected]> wrote:
>>
>>> Drupal is PHP so I am using PHPCAS 0.6 I think.
>>>
>>> Scott Battaglia wrote:
>>>
>>> Are you using the JASIG CAS Client for Java 3.1 also?
>>>
>>> Can you post your configuration?
>>>
>>> -Scott
>>>
>>> On Thu, Jan 15, 2009 at 4:23 PM, Adam Moore <[email protected]> wrote:
>>>
>>>> I have had the same issues when casifying Drupal. It's impossible to do
>>>> it at will, but the user they log in as is usually the last user that
>>>> had logged in. I would love to get a final solution and the security
>>>> implications are very high.
>>>>
>>>> Adam
>>>>
>>>> Jim Stoll wrote:
>>>> > For those CAS-ifying Confluence via the JASIG CAS client for Java 3.1
>>>> > (as per instructions here:
>>>> > http://www.ja-sig.org/wiki/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1),
>>>> > has anyone ever experienced the situation where users get into
>>>> > Confluence as the wrong user?
>>>> >
>>>> > The basic scenario is:
>>>> > 1. User makes initial request to https://wiki.our.site/dashboard.action,
>>>> >    and is taken to our 'public' wiki page (ie, unauthenticated users can
>>>> >    see the initial dashboard page)
>>>> > 2. User clicks the 'Log In' link from the Confluence dashboard page
>>>> > 3. User is redirected to the CAS login page
>>>> > 4. User enters their own username and password and logs in through CAS
>>>> > 5. User is taken into Confluence as another user entirely (ie, the
>>>> >    Dashboard shows the wrong user name, and the user is in another user's
>>>> >    permission scheme - can see content they shouldn't see, and can't see
>>>> >    content they should see)
>>>> >
>>>> > I am currently unable to reproduce the problem at will, but we have had
>>>> > two users experience this in the past week (that we're aware of, I
>>>> > suspect there have probably been other occurrences we're not aware of,
>>>> > though I have yet to find a way to identify this type of situation in
>>>> > the logs). In the two cases I'm aware of, the 'wrong' user that the
>>>> > person was authenticated into Confluence as, had never previously been
>>>> > on the client machine that experienced the problem. (just FYI). We have
>>>> > other applications that are CAS-ified (mixture of PHP and Java clients),
>>>> > and we haven't yet seen this behavior on those.
>>>> >
>>>> > I'd appreciate any help, insight or advice, as this is a pretty serious
>>>> > situation for us.
>>>> >
>>>> > Thanks!
>>>> >
>>>> > Jim
>>>> >
>>>> > _______________________________________________
>>>> > Yale CAS mailing list
>>>> > [email protected]
>>>> > http://tp.its.yale.edu/mailman/listinfo/cas
