[Geoserver-devel] [jira] (GEOS-5294) Valid CAS service tickets must result in an HTTP session creation

Christian Mueller created BugGEOS-5294
Valid CAS service tickets must result in an HTTP session creation

Issue Type:

BugBug

Affects Versions:

2.3-beta1, 2.2

Assignee:

Christian Mueller

Components:

Security

Created:

03/Sep/12 2:38 AM

Description:

A CAS service ticket is valid only once. The protocol is transparent for the client, the client itself never sees a CAS ticket.

If a client (e.g. openlayers) uses CAS to authenticate against stateless (OGC) services, the authentication filter has to create an HTTP session to store the authentication token, otherwise only one geoserver request is possible.

Project:

GeoServer

Priority:

MajorMajor

Reporter:

Christian Mueller

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your [JIRA administrators](https://jira.codehaus.org/secure/ContactAdministrators!default.jspa). For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)