Hi Ray, First of all thank you for your interest into this problem. Remember me works.
User logs in with remember me checked Close browser, on windows I close Chrome from taskbar/taskmanager, since chrome is working somehow in the backround. On iPad I close safari from running apps When I open up again Chrome and check the cookies just the TGC is present since remember me was used, no app cookie as you stated out, app cookie expired when the browser was closed, as well TGC will not be present if the user didn't check remember me - the same thing you stated out. Then I access the app. It works in both scenarios :pc and iPad However if I switch the network and I will be doing the same step then instead I get redirected to the login form. So why in this case cas tgc doesn't get validated or sent? (maybe just the iPad is the troublemaker not sending the tgc? ) as I said I was able to reproduce it on my DEV. I have to try in prod on my laptop and see if I switch on my laptop the network will this work or not. Regarding your statement about app session. Hmmm that would be interesting to try. Definitely here I have more control so I should be doing the app session as long term authenticated On Wed, Dec 5, 2018, 20:02 Ray Bon <[email protected] wrote: > Catalin, > > 'Remember me' is a CAS session option and has nothing to do with your app > session. Closing your browser and keeping the log in to your app means that > your app has a long term cookie that lives while your browser is closed. > The CAS TGC, by default, will expire if the browser is closed. If you > visit a new app you would have to log in again. > > If your apps require log in after a network change, that is an app config > issue. > > Are users closing the browser when switching networks? > > If you want to see 'Remember me' in action, after logging in to your app > and waiting the minimum CAS session time, delete your app's cookies (not > CAS cookies). When you revisit your app, you will be redirected to CAS and > log in will proceed automatically. > > > > On Wed, 2018-12-05 at 01:43 -0800, Catalin Dobrea wrote: > > Hi, > > We use CAS 5.2.4 to protect some of our web apps and have SSO over them. > > One of our clients complains about this scenario: > > - The user authenticates successfully, via "Remember me" option presented > on the login form offered by CAS. (I can confirm that this long term > authentication works, for e.g. I'm closing Chrome from memory and then when > visiting the app no login is required) > - The users of the client are pretty much in the move, so they access the > apps we offer (protected by CAS) from different places: mobile network, > different wifis. > - So they complain that when they change the network they are required to > authenticate again even though they checked before the "Remember me" option. > > So my questions are: > > - Is this long term authentication sensible to IP changes? > - How this can be bypassed? - I scrolled thorough cas.properties to see > anything that might tweak this scenario but I was unable to identify any of > those > - I was able to reproduce this problem locally on my dev env, by > switching networks, another important thing is that devices from which they > access our apps are iPADs with Safari iOS 12 or so. I used an iPad as well > when reproducing this scenario > Can this also be the cause? because sometimes is a nightmare doing > custom things for iOS. So, can it happen that the TGC is not being sent on > Safari iOS when the network changes? > > Any starting point, helping me to find a fix or at least an explanation if > this scenario is intended, would be really appreciated! > > Thanks > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1544032921.2944.71.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1544032921.2944.71.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG6_%3DYDJJ0%3DC6RV%3DXFsOAEkWW_qg2wtBnvToGERE4fEjT8MYMA%40mail.gmail.com.
