As described in fcrespel/jenkins-cas-plugin#9, Jenkins 2.160 and 2.150.2 LTS introduced changes to fix SECURITY-901 issues, which broke the CAS plugin (and others) with an infinite redirect loop.
This PR changes the login flow to handle the Acegi SecurityContext mapping and call SecurityListener.fireAuthenticated() in doFinishLogin(), so that the user seed is properly stored in session.
@Wadeck as you seem to have been working on the user seed feature in Jenkins core, would you mind taking a look at this PR before I merge it and release a new version of this plugin?
As described in fcrespel/jenkins-cas-plugin#9, Jenkins 2.160 and 2.150.2 LTS introduced changes to fix SECURITY-901 issues, which broke the CAS plugin (and others) with an infinite redirect loop.
This PR changes the login flow to handle the Acegi SecurityContext mapping and call
SecurityListener.fireAuthenticated()
indoFinishLogin()
, so that the user seed is properly stored in session.