Hi All, There appears to be a potential solution for this being worked on in the 7.3.0-SNAPSHOT version of CAS. The commit is here:
https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9 I just tested this by changing my 7.2.1-SNAPSHOT build to 7.3.0-SNAPSHOT. You can then use this property: # This defaults to BROWSER_STORAGE cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY This appears to work and skips the interstitial pages that read/write from localstorage in the browser. I have not yet tested this for Android but will. On Thu, Apr 10, 2025 at 8:15 AM Jonathon Taylor <[email protected]> wrote: > Agreed. This does not just affect Gmail on Android, but also common > applications such as GlobalProtect VPN clients and I'm sure other commonly > used software. I do appreciate the pull request and we will likely be > using the solution Mark posted. > > On Wed, Apr 2, 2025 at 4:50 AM David Gelhar <[email protected]> > wrote: > >> Hi Mark, >> >> Thank you for posting that pull request. We have encountered similar >> problems since upgrading to CAS7 so your analysis (and workaround) is going >> to prove very helpful. >> >> The attitude of the CAS project around this issue is frankly >> incomprehensible. They have introduced a change that completely breaks >> authentication for a very significant user population (Gmail on an Andoid >> device is not exactly a "edge case"), and then declined to accept a fix >> because it would be "not worth maintaining". >> >> Thanks, >> >> David >> >> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote: >> >>> Hi Jonathan, >>> >>> Unfortunately, that was a mistake on my part—a fix isn’t in the >>> mentioned file. >>> >>> I did submit a pull request for a fix here, but it was rejected because >>> it changed the core functionality of CAS, and the project doesn’t want to >>> maintain that, which is fair enough: >>> https://github.com/apereo/cas/pull/6305 >>> >>> Going forward, we’re managing our own version of the file. Given that, >>> I’ve simplified it by solely relying on sessionStorage. >>> >>> Cheers, >>> Mark >>> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote: >>> >>>> Hi Mark, >>>> >>>> We are running into this same issue. Would you mind pointing me to >>>> what in the master branch version resolved this issue for you? We are >>>> seeing the issue with 7.1.4 currently. >>>> >>>> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community < >>>> [email protected]> wrote: >>>> >>>>> Thanks Ray, >>>>> >>>>> I was able to find the latest file on the master branch which looks >>>>> like it's been fixed: >>>>> >>>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js >>>>> >>>>> Cheers. >>>>> Mark >>>> >>>> >>>>> >>>>> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote: >>>>> >>>>>> Mark, >>>>>> >>>>>> You can start with >>>>>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html >>>>>> <https://apereo.github.io/cas/developer/Build-Process.html> >>>>>> >>>>>> Ray >>>>>> >>>>>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community >>>>>> wrote: >>>>>> >>>>>> Hello, >>>>>> >>>>>> We recently attempted to upgrade our CAS installation from 6.6 to 7.x >>>>>> and encountered a blocking issue with Android’s embedded WebView >>>>>> (specifically in the Gmail app). >>>>>> >>>>>> In CAS 7.x, the default src/main/static/js/cas.js file appears to >>>>>> rely more heavily on localStorage. However, the Gmail app’s built-in >>>>>> WebView which is used for registering an account does not properly >>>>>> support >>>>>> localStorage. This leads to errors in the authentication flow, causing >>>>>> the >>>>>> WebView browser to hang after CAS credentials are submitted. In CAS 6.6, >>>>>> the code primarily used sessionStorage, and this issue never arose. >>>>>> >>>>>> To work around the problem, I’ve updated cas.js so that it first >>>>>> checks if localStorage is available, and if not, it falls back to an >>>>>> in-memory object or to sessionStorage. This resolves the problem for our >>>>>> users. >>>>>> >>>>>> - So firstly is this a known issue, as of 7.1.3 that issue still >>>>>> remains. >>>>>> - If a fix is welcome, where should I submit a pull request for the >>>>>> src/main/static/js/cas.js file? >>>>>> >>>>>> Cheers. >>>>>> Mark >>>>>> >>>>>> >>>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> Jonathon Taylor (he/him) >>>> Information Security Office >>>> [email protected] >>>> >>> > > -- > Jonathon Taylor (he/him) > Information Security Office > [email protected] > -- Jonathon Taylor (he/him) Information Security Office [email protected] -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABzqDo_H2G0thGvdD4__1A9ZGy_ZxGa9xtQmg3AqVG0gXWd%3D4g%40mail.gmail.com.
