Hi,
We use CAS 5.2.4 to protect some of our web apps and have SSO over them.
One of our clients complains about this scenario:
-
The user authenticates successfully, via "Remember me" option presented
on the login form offered by CAS. (I can confirm that this long term
authentication works, for e.g. I'm closing Chrome from memory and then
when visiting the app no login is required)
- The users
of the client are pretty much in the move, so they access the apps we
offer (protected by CAS) from different places: mobile network,
different wifis.
- So they complain that when they
change the network they are required to authenticate again even though
they checked before the "Remember me" option.
So my questions are:
- Is this long term authentication sensible to IP changes?
-
How this can be bypassed? - I scrolled thorough cas.properties to see
anything that might tweak this scenario but I was unable to identify any
of those
- I was able to reproduce this problem locally on
my dev env, by switching networks, another important thing is that
devices from which they access our apps are iPADs with Safari iOS 12 or
so. I used an iPad as well when reproducing this scenario
Can this also be the cause? because sometimes is a nightmare doing
custom things for iOS. So, can it happen that the TGC is not being sent
on Safari iOS when the network changes?
Any
starting point, helping me to find a fix or at least an explanation if
this scenario is intended, would be really appreciated!
Thanks