Hello,
There's only one user-visible difference between 6.2.2 and 6.2.[34]: the
alert message is not displayed.
Otherwise, everything works as expected and we are redirected to the app
after login.
Yes, I have checked the source code, and the warning message is still
supposed to be displayed.
See code in
/support/cas-server-support-thymeleaf/src/main/resources/templates/fragments/loginform.html:
    <div th:if="${existingSingleSignOnSessionAvailable}">
        <i class="mdi mdi-alert-decagram"></i>
        <span class="mdc-button__label"
              th:utext="#{screen.welcome.forcedsso(${existingSingleSignOnSessionPrincipal.id},${registeredService.name})}"
        />
    </div>
-> existingSingleSignOnSessionAvailable is set to false whereas it should
be set to true (in fact, we have noticed, because our own UI customization
relies on existingSingleSignOnSessionAvailable being set properly!).
I have not yet been able to build and test from source to find which commit
in git log v6.2.2..v6.2.3 has changed the behavior.
Damien
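
Added example (not part of the original message, and not CAS project code): a Python check for the regression described in this thread, run over the HTML of the login page returned by the second renew=true request. It relies only on the markup quoted from loginform.html; the two sample pages and all function names are constructed for illustration.

```python
from html.parser import HTMLParser


class ForcedSsoAlert(HTMLParser):
    """Collects the text of the alert block rendered by loginform.html:
    an <i class="mdi-alert-decagram"> icon followed by a label <span>."""

    def __init__(self):
        super().__init__()
        self.after_icon = False  # saw the alert icon, label span not opened yet
        self.in_label = False    # currently inside the alert's label span
        self.parts = []

    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if tag == "i" and "mdi-alert-decagram" in classes:
            self.after_icon = True
        elif tag == "span" and self.after_icon and "mdc-button__label" in classes:
            # Only the first label span after the icon belongs to the alert;
            # other mdc-button__label spans (e.g. the login button) are ignored.
            self.after_icon, self.in_label = False, True

    def handle_endtag(self, tag):
        if tag == "span":
            self.in_label = False

    def handle_data(self, data):
        if self.in_label:
            self.parts.append(data)


def forced_sso_alert(login_page_html):
    """Return the alert text (whitespace-normalised), or None if not rendered."""
    parser = ForcedSsoAlert()
    parser.feed(login_page_html)
    parser.close()
    text = " ".join("".join(parser.parts).split())
    return text or None


# Constructed login pages (not captured from a real server).
PAGE_WITH_ALERT = """<form><div><i class="mdi mdi-alert-decagram"></i>
<span class="mdc-button__label">Welcome back, <code><strong>user</strong></code>.
We have detected an existing single sign-on session for you.</span></div>
<button><span class="mdc-button__label">Login</span></button></form>"""
PAGE_WITHOUT_ALERT = """<form>
<button><span class="mdc-button__label">Login</span></button></form>"""

if __name__ == "__main__":
    for name, page in (("with alert", PAGE_WITH_ALERT), ("without alert", PAGE_WITHOUT_ALERT)):
        print(name, "->", forced_sso_alert(page))
```

A None result for a page fetched with an existing single sign-on session corresponds to existingSingleSignOnSessionAvailable being false when the template is rendered.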
On Friday, October 23, 2020 at 20:21:02 UTC+2, Ray Bon wrote:
> Damien,
>
> My apologies. I thought 'login UI' was in your test app.
>
> Is the cas login page displayed in 6.2.4, but the alert message is not, or
> are you redirected to the test app?
>
> You could check the source for the log in page,
> https://github.com/apereo/cas, maybe that text has been removed.
>
> Still, check the logs to see what is different.
>
> Ray
>
> On Fri, 2020-10-23 at 10:12 -0700, Dmngb wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Ray,
>
> I don't get why you say that 6.2.2 behaviour is wrong.
>
> On both versions (6.2.2 and 6.2.3), the login UI is displayed and asks the
> user to re-log (this is expected with the renew parameter!).
>
> On 6.2.3, however, the following alert message is not displayed anymore
> above the username text field:
> "Welcome back, <code><strong>{0}</strong></code>. We have detected an
> existing single sign-on session for you. However, you are being asked to
> re-authenticate again. Please enter your Username and Password and proceed."
>
>
> Damien
>
>
> On Friday, October 23, 2020 at 18:27:31 UTC+2, Ray Bon wrote:
>
> Damien,
>
> With renew parameter set to true (i.e. force login), the 6.2.2 behaviour
> is incorrect.
> Turn up logging to see what cas is thinking.
>
> Ray
>
> On Fri, 2020-10-23 at 06:31 -0700, Dmngb wrote:
>
>
> Hello all,
>
> We have observed a behavior change between 6.2.2 and 6.2.3/6.2.4,
> regarding forced renew.
>
> Nothing obvious stands out in the 'git diff v6.2.2..v6.2.3'.
>
> (I have not been able to bisect further and propose a fix: I still have
> not found the exact command line to build and deploy successfully from
> sources to my maven local repo. But this is another topic.).
>
> In 6.2.2:
>
>
> 1. Go to http://cas/login?renew=true&TARGET=http://testapp/ (note:
> our testapp does not validate the service ticket – I don't think it's
> relevant for the issue at hand, but I mention it just in case)
> 2. Login
> 3. Go to http://cas/login?renew=true&TARGET=http://testapp/
>
> Result (as expected): the login UI shows ‘welcome back ‘user’, …’
>
>
> In 6.2.3/6.2.4:
>
> Same steps for 1/2/3
>
> Result: the login UI does not show ‘welcome back ‘user’, …’
>
> -> e.g. existingSingleSignOnSessionAvailable seems to be false in the
> context used by loginform.html
>
> Bug reproduced with a very basic CAS overlay:
>
> - cas-server-webapp-jetty + cas-server-support-rest
>   + cas-server-support-json-service-registry
> - application.properties
>
>     server.port=15446
>     server.address=127.0.0.1
>     server.ssl.enabled=false
>     server.servlet.context-path=/cas
>     cas.authn.accept.users=user::user
>     cas.logout.followServiceRedirects=true
>     cas.httpClient.allowLocalLogoutUrls=true
>     cas.service-registry.json.location=classpath:/services
>
> - JSON registry: an "allow all" service in services/all.json
>
>     {
>       "@class" : "org.apereo.cas.services.RegexRegisteredService",
>       "serviceId" : ".*",
>       "name" : "ALL-SERVICES",
>       "id" : 10000001
>     }
>
>
> D.
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6a4315c-af08-440c-a888-f2b72a8b6b5dn%40apereo.org.