Hi group,

since I am not sure where to better report a bug, I am doing it here. I am 
also looking for advice if the pac4j issue tracker might be a better place 
to report.

We are using CAS Server 6.1.5 to federate the customer login to several of 
our services via OpenID Connect.

It came to our attention that if a yet unauthenticated user opens several 
services at once in different windows/tabs of the same browser, only the 
first authentication process attempted will succeed. Submission of a second, 
still-open login form will result in the display of the error message 
"Error: No message available".

In the first submission of the credentials the POST to /cas/login will send 
a redirect (302) to /cas/oauth2.0/callbackAuthorize, which in turn will 
redirect to /cas/oidc/authorize, which will finally redirect to the service.

In the second submission of the credentials the POST will also send a 
redirect to /cas/oauth2.0/callbackAuthorize, which will use and invalidate 
the issued service ticket and send a redirect to 
/cas/oauth2.0/callbackAuthorize again (NOT to /cas/oidc/authorize). On the 
second call of /cas/oauth2.0/callbackAuthorize the supplied ticket is already 
invalidated and gives rise to an org.apereo.cas.ticket.InvalidTicketException 
and in turn to the "Error: No message available" error presented to the user.

I tried changing cas.authn.oauth.replicateSessions to true, which resulted 
in no change to the problem.

Any input would be greatly appreciated!

Thanks,
Marcus

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.