CAS Server
  1. CAS Server
  2. CAS-1011

Interoperability with Spring Security 3.1.0.M2

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      Linux

      Description

      As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

      <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
      <sec:authentication-provider ref="casAuthenticationProvider" />
      </sec:authentication-manager>

        Activity

        Hide
        Scott Battaglia added a comment -

        I'm not sure I understand what this has to do with the CAS server?

        Show
        Scott Battaglia added a comment - I'm not sure I understand what this has to do with the CAS server?
        Hide
        Scott Battaglia added a comment -

        This doesn't seem to have anything to do with the Server.

        Show
        Scott Battaglia added a comment - This doesn't seem to have anything to do with the Server.

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Karthik Iyer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: