CAS Server
  1. CAS Server
  2. CAS-1011

Interoperability with Spring Security 3.1.0.M2

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.4.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      Linux

      Description

      As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

      <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
      <sec:authentication-provider ref="casAuthenticationProvider" />
      </sec:authentication-manager>

        Activity

        Karthik Iyer created issue -
        Andrew Petro made changes -
        Field Original Value New Value
        Description As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invoation of eraseCredentials.

        <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
                <sec:authentication-provider ref="casAuthenticationProvider" />
            </sec:authentication-manager>
        As per https://jira.springsource.org/browse/SEC-1493 the eraseCredentialsAfterAuthentication property on authentication manager needs to erase credentials only if set to true. Specfying this in securityContext.xml has no effect and the credentials always gets set to NULL by invocation of eraseCredentials.

        <sec:authentication-manager alias="casAuthenticationManager" erase-credentials="false">
                <sec:authentication-provider ref="casAuthenticationProvider" />
            </sec:authentication-manager>
        Hide
        Scott Battaglia added a comment -

        I'm not sure I understand what this has to do with the CAS server?

        Show
        Scott Battaglia added a comment - I'm not sure I understand what this has to do with the CAS server?
        Hide
        Scott Battaglia added a comment -

        This doesn't seem to have anything to do with the Server.

        Show
        Scott Battaglia added a comment - This doesn't seem to have anything to do with the Server.
        Scott Battaglia made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        420d 11m 1 Scott Battaglia 14/Sep/12 10:08 PM

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Karthik Iyer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: