CAS renew not honored in v3.4.1
Andrew Morgan
morgan at orst.edu
Wed Dec 19 17:17:19 EST 2018
I upgraded from IDP v3.3.1 to v3.4.1 recently. We have several CAS
clients that are using the renew parameter to force a re-auth. We didn't
notice until doing some testing today, but the IDP seems to be ignoring
the renew parameter (it uses the SSO session and does not prompt for
re-auth).
I don't know what logging is appropriate to expose this behavior in my
logs, but I have Live HTTP Headers logs showing a 302 redirect from
/cas/login back to my app instead of the login page.
Here is a snippet:
GET https://login.oregonstate.edu/idp/profile/cas/login?service=http%3A%2F%2Fpeople.oregonstate.edu%2F%7Emorgan%2FCAS-1.3.4%2Ftest.php&renew=true HTTP/1.1
HTTP/1.1 302 302
Location: http://people.oregonstate.edu/~morgan/CAS-1.3.4/test.php?ticket=ST-AAFHGZLDOJSXIMJQHE36VXJ2WHL4NCFIDYILQVM7FTQE72WBKCNC6MFOIEO542IP6HJZRRVW6ONMBVNXBYPSEDK4LSRZSLM23CXXEYJTVUFTQN5BFYPOIJKBKG2KPP7PECGBDOSQ2CT3XREBZA36FDARGLFJ7TLXWXKP3AKXVDM52FFKX5QSYOC7D3OQ4UW2N4WUFWEUGCGDHPFOBZEEEHUNJK7OULF4PFFA4A4V6RY54KEDNK752VZX27PMCQGNAJZTG6IJKIWNG3M2VVENFEOIU3XHFICKJSYMD6D5UUG5UDSBL2BJ4XESLFQNBDYJHRUVBNNTE4FNGS7PEM4U5D3BHZBYJ2KJZKZI6242KKJMAZFVEYX3KWNYRIQ76JSF2TPUNNF2YOP6H2SK7CVRJIXHZUCA----
Can anyone confirm this?
Thanks,
Andy Morgan
Systems Administrator, Identity & Access Management
Information Services | Oregon State University
More information about the users
mailing list