(originally from a different thread, but seems topically different enough to warrant its own)
There seems to be a bug handling renew=true for /validate and /serviceValidate for CAS 6.3.5. It also seems to be present in the current 6.4-snapshot. If we first establish an SSO session by logging in to app1, then we login to app2 (without setting renew=true) and attempt to either /validate or /serviceValidate app2 with renew=true, we expect this to fail, but instead it succeeds. It does fail as expected with /samlValidate, so this behavior is not consistent among the validation methods. This is a change from 6.3.4. -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2MiCgjHgm9AT2tC4_S0htRrngTSkYBU_6xaW0drRQinA%40mail.gmail.com.
