CAS Jasig remember me uses old user attributes

Question

It seems that when login with remember me feature, the user attributes (comming from AttributeRepository) are not refreshed.

The use case : A user logs on monday. Its attributes are retrieved. On tuesday, its attributes change (roles for examples). On Wednesday, when it returns to the sit and authenticate via Rememberme, its old attributes values are returned by CAS server. If the user logs out and then logs in, its attributes are normally refreshed.

How to refresh the user attributes when login via remember me ?

I'm using CAS server 3.5.2.

For the best help on this you might want to e-mail the CAS listserv. They are extremely helpful. http://www.jasig.org/cas/mailing-lists — blamonet, Mar 26 '13 at 18:02

score 0 · Answer 1 · answered May 21 '13 at 03:12

Currently, those attributes are not refreshed. The attributes are retrieved at TGT generation time and serialized to the database (they are stored with the principal which is attached to the ticket). The CAS4-api branch solved that issue by always delegating to the underlying attribute repository which could decide to cache the attributes for a period of time. There is some work being done to transfer some of the API-branch code into the trunk, but not all of it is. If you want to see this in there, you should open a JIRA issue with this bug. I can provide details in the ticket on why this is happening and ways it can be fixed.

Thanks for this answer. Do you have an idea when the correction will be released ? I have done a workaround and maybe I can wait the next release to integrate this. — jmcollin92, Jun 14 '13 at 06:39

CAS Jasig remember me uses old user attributes

1 Answers1