Our support desk brought up an issue where users are calling to report a "500 error" when trying to log in to some of our SPs. After some troubleshooting, we determined that the issue is due to users bookmarking the login page when trying to log in to SAML2 SPs. This is how we've reproduced the issue:
1. Visit the SP's URL (e.g., mail.google.com) and start the process of logging in via SSO.
2. When the CAS login page is reached, save the URL or bookmark it.
3. In a new tab, paste the URL or click the bookmark; the CAS login page will be displayed (everything looks fine to the user).
4. Log in.
5. Get the error page.

The CAS logs will show an error message stating, "SAML request or context could not be determined from session store". This is because the SP was bypassed and therefore no request was generated and passed in the session header.

My question is this: Has anyone seen/dealt with this issue? Obviously, we can try to train users not to bookmark the login page, but that will not solve the issue for those who ignore the warnings. I'm hoping someone has some ideas for how to communicate with users when they've gotten themselves into this situation. I appreciate any help or ideas. Thanks

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/97462fd1-7279-482a-be96-991833daf480n%40apereo.org.
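
The following is an added example, not code from CAS or from the poster: a minimal model of the SP-initiated SAML flow that reproduces the failure above and shows the check a practitioner would want on the IdP side. It assumes the pending AuthnRequest is kept in a server-side store keyed by the browser session cookie and is consumed when the flow completes, so a saved login URL carries nothing the IdP can later recover. The session store, the handler functions, the `/cas/login` and landing-page paths, the `Issuer` query parameter and all sample URLs are hypothetical and constructed for this example. The point it adds to the report is that the login page itself (step 3) can already detect the missing context and send the user to a friendly page, rather than collecting a password first and failing at step 5.

```python
# Added example: model of the SP-initiated SAML flow and the bookmark failure
# mode. Not CAS code; all names, paths and URLs here are hypothetical.
import secrets
from dataclasses import dataclass, field
from http import HTTPStatus
from typing import Optional

LOGIN_PATH = "/cas/login"                        # assumed IdP login page path
LANDING_PATH = "/cas/start-at-your-application"  # assumed friendly landing page


@dataclass
class Response:
    status: int
    location: Optional[str] = None   # Location header for redirects
    body: str = ""


@dataclass
class SessionStore:
    """Server-side store keyed by the browser session cookie. The pending
    AuthnRequest lives here, not in the login page URL, so a saved URL
    carries nothing the IdP can later use (modelling assumption)."""
    pending: dict = field(default_factory=dict)

    def put(self, session_id, request_id, issuer):
        self.pending[session_id] = {"id": request_id, "issuer": issuer}

    def peek(self, session_id):
        return self.pending.get(session_id)

    def take(self, session_id):
        # One-shot: once a flow completes, the request cannot be replayed.
        return self.pending.pop(session_id, None)


def sp_start_login(sp_entity_id: str, idp_sso_url: str) -> tuple[str, str]:
    """Step 1, SP side: mint an AuthnRequest and redirect the browser to the
    IdP. A real SP sends a deflated, base64 SAMLRequest; the bare request ID
    and issuer stand in for it here."""
    request_id = "_" + secrets.token_hex(16)
    return request_id, f"{idp_sso_url}?SAMLRequest={request_id}&Issuer={sp_entity_id}"


def idp_receive_authn_request(store, session_id, request_id, issuer) -> Response:
    """IdP SSO endpoint (a real IdP parses these fields out of the XML):
    store the request against the session, then redirect to the login page.
    The login URL itself carries no request state."""
    store.put(session_id, request_id, issuer)
    return Response(HTTPStatus.SEE_OTHER, location=LOGIN_PATH)


def idp_render_login(store, session_id) -> Response:
    """Step 3: check for a pending request BEFORE rendering the form. A
    bookmarked visit has none; redirect now instead of collecting a password
    and failing afterwards."""
    if store.peek(session_id) is None:
        return Response(HTTPStatus.SEE_OTHER, location=LANDING_PATH)
    return Response(HTTPStatus.OK, body="<form method=post action=/cas/login>...</form>")


def idp_submit_login(store, session_id, credentials_ok: bool) -> Response:
    """Steps 4-5: repeat the check on submit, because the context can also
    disappear between render and submit (expiry, another tab consuming it)."""
    ctx = store.take(session_id)
    if ctx is None:
        return Response(HTTPStatus.SEE_OTHER, location=LANDING_PATH)
    if not credentials_ok:
        return Response(HTTPStatus.UNAUTHORIZED, body="bad credentials")
    return Response(HTTPStatus.OK, body=f"SAMLResponse InResponseTo={ctx['id']} for {ctx['issuer']}")


def walk_through(bookmark_used_later: bool) -> Response:
    """Replay the reported steps with constructed data. With
    bookmark_used_later, the saved login URL is opened in a fresh browser
    session (e.g. the next day), so no pending request exists for it."""
    store = SessionStore()
    session_id = "sess-" + secrets.token_hex(4)
    request_id, redirect_url = sp_start_login(
        "https://mail.example.edu/saml/metadata",   # constructed SP entityID
        "https://sso.example.edu/idp/sso")          # constructed IdP endpoint
    query = dict(kv.split("=", 1) for kv in redirect_url.split("?", 1)[1].split("&"))
    idp_receive_authn_request(store, session_id, query["SAMLRequest"], query["Issuer"])
    if bookmark_used_later:
        session_id = "sess-" + secrets.token_hex(4)   # bookmark, new session
    page = idp_render_login(store, session_id)
    if page.status != HTTPStatus.OK:
        return page                                   # sent to landing page
    return idp_submit_login(store, session_id, credentials_ok=True)
```

`walk_through(False)` ends with a SAMLResponse bound to the original request ID; `walk_through(True)` never shows the form and returns a 303 to the landing page. The same check on submit covers the case where the form was rendered legitimately but the context was gone by the time the user pressed Log in.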
