[NXP-7882] CAS2 authenticator is not thread safe - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.3.2
Fix Version/s: 5.5
Component/s: None

Tags:
- 532
- 541-hf13
- 542-hf13
- security

Description

When two users log in and retrieve a ticket from the CAS server at exactly the same time, they may end up with the other user's ticket (and so be logged in with its identity and rights).

This is due to the fact that in our CAS2 plugin the authenticator implementation is not thread-safe. We should correct that for ticket and proxy validators.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Stéphane Lacoin

Participants:

Jenkins, Stéphane Lacoin

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2011-11-16 16:06

Updated:

2015-11-25 13:55

Resolved:

2011-11-21 11:02