Details
- Bug
- Resolution: Fixed
- Low
- 2.9.1, 2.10.1, 2.11.0
- None
- 2
- Severity 3 - Minor
- 2
Description
CrowdSSOAuthenticationToken is declared serializable, but the Principal it stores (CrowdUserDetails) is not.
The token is saved to the HTTP session, which can lead to errors when using Crowd's Spring Security integration with a solution that attempts to serialize the session (for example, for session replication).
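The failure mode described above, reproduced as an added example that is not Crowd's code: DemoToken, DemoUserDetails and SerializableUserDetails are hypothetical stand-ins for the token and its principal, and firstNonSerializable is an assumed helper that attempts the same Java serialization a session replicator would perform and reports the class that blocks it.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SessionSerializationCheck {

    // Hypothetical stand-in for the principal: does NOT implement Serializable.
    static class DemoUserDetails {
        final String username;
        DemoUserDetails(String username) { this.username = username; }
    }

    // Same principal data, but serializable (the corrected shape).
    static class SerializableUserDetails implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        SerializableUserDetails(String username) { this.username = username; }
    }

    // Hypothetical stand-in for the token: declared Serializable, stores the principal.
    static class DemoToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final Object principal;
        DemoToken(Object principal) { this.principal = principal; }
    }

    // Returns null when the attribute serializes cleanly, otherwise the name
    // of the first class in its object graph that is not Serializable.
    static String firstNonSerializable(Object sessionAttribute) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(sessionAttribute);
            return null;
        } catch (NotSerializableException e) {
            return e.getMessage(); // ObjectOutputStream puts the class name in the message
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values: a token as it would sit in the HTTP session.
        System.out.println(firstNonSerializable(new DemoToken(new DemoUserDetails("alice"))));
        System.out.println(firstNonSerializable(new DemoToken(new SerializableUserDetails("alice"))));
    }
}
```

Running a check like this over every object placed in the session catches the mismatch in a unit test, before a replicated or persistent session store hits it at runtime.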