That's a great find! Thanks for sharing that and testing it out. I'll be watching out for the new release :-)
Cheers. Mark On Fri, 11 Apr 2025 at 01:30, Jonathon Taylor <[email protected]> wrote: > I can confirm that this fixed my issue with our Palo Alto Global Protect > VPN client, which requires the Android WebView. I do not have a way to > test the Gmail app in my QA environment but I suspect it will be the same. > > Thanks Misagh if you are reading this. Hopefully this can be backported > into the 7.2 branch :-) > > On Thu, Apr 10, 2025 at 4:24 PM Jonathon Taylor <[email protected]> > wrote: > >> Hi All, >> >> There appears to be a potential solution for this being worked on in the >> 7.3.0-SNAPSHOT version of CAS. The commit is here: >> >> >> https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9 >> >> I just tested this by changing my 7.2.1-SNAPSHOT build to >> 7.3.0-SNAPSHOT. You can then use this property: >> >> # This defaults to BROWSER_STORAGE >> cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY >> >> This appears to work and skips the interstitial pages that read/write >> from localstorage in the browser. I have not yet tested this for Android >> but will. >> >> On Thu, Apr 10, 2025 at 8:15 AM Jonathon Taylor <[email protected]> >> wrote: >> >>> Agreed. This does not just affect Gmail on Android, but also common >>> applications such as GlobalProtect VPN clients and I'm sure other commonly >>> used software. I do appreciate the pull request and we will likely be >>> using the solution Mark posted. >>> >>> On Wed, Apr 2, 2025 at 4:50 AM David Gelhar <[email protected]> >>> wrote: >>> >>>> Hi Mark, >>>> >>>> Thank you for posting that pull request. We have encountered similar >>>> problems since upgrading to CAS7 so your analysis (and workaround) is going >>>> to prove very helpful. >>>> >>>> The attitude of the CAS project around this issue is frankly >>>> incomprehensible. They have introduced a change that completely breaks >>>> authentication for a very significant user population (Gmail on an Andoid >>>> device is not exactly a "edge case"), and then declined to accept a fix >>>> because it would be "not worth maintaining". >>>> >>>> Thanks, >>>> >>>> David >>>> >>>> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote: >>>> >>>>> Hi Jonathan, >>>>> >>>>> Unfortunately, that was a mistake on my part—a fix isn’t in the >>>>> mentioned file. >>>>> >>>>> I did submit a pull request for a fix here, but it was rejected >>>>> because it changed the core functionality of CAS, and the project doesn’t >>>>> want to maintain that, which is fair enough: >>>>> https://github.com/apereo/cas/pull/6305 >>>>> >>>>> Going forward, we’re managing our own version of the file. Given that, >>>>> I’ve simplified it by solely relying on sessionStorage. >>>>> >>>>> Cheers, >>>>> Mark >>>>> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote: >>>>> >>>>>> Hi Mark, >>>>>> >>>>>> We are running into this same issue. Would you mind pointing me to >>>>>> what in the master branch version resolved this issue for you? We are >>>>>> seeing the issue with 7.1.4 currently. >>>>>> >>>>>> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Thanks Ray, >>>>>>> >>>>>>> I was able to find the latest file on the master branch which looks >>>>>>> like it's been fixed: >>>>>>> >>>>>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js >>>>>>> >>>>>>> Cheers. >>>>>>> Mark >>>>>> >>>>>> >>>>>>> >>>>>>> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote: >>>>>>> >>>>>>>> Mark, >>>>>>>> >>>>>>>> You can start with >>>>>>>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html >>>>>>>> <https://apereo.github.io/cas/developer/Build-Process.html> >>>>>>>> >>>>>>>> Ray >>>>>>>> >>>>>>>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> We recently attempted to upgrade our CAS installation from 6.6 to >>>>>>>> 7.x and encountered a blocking issue with Android’s embedded WebView >>>>>>>> (specifically in the Gmail app). >>>>>>>> >>>>>>>> In CAS 7.x, the default src/main/static/js/cas.js file appears to >>>>>>>> rely more heavily on localStorage. However, the Gmail app’s built-in >>>>>>>> WebView which is used for registering an account does not properly >>>>>>>> support >>>>>>>> localStorage. This leads to errors in the authentication flow, causing >>>>>>>> the >>>>>>>> WebView browser to hang after CAS credentials are submitted. In CAS >>>>>>>> 6.6, >>>>>>>> the code primarily used sessionStorage, and this issue never arose. >>>>>>>> >>>>>>>> To work around the problem, I’ve updated cas.js so that it first >>>>>>>> checks if localStorage is available, and if not, it falls back to an >>>>>>>> in-memory object or to sessionStorage. This resolves the problem for >>>>>>>> our >>>>>>>> users. >>>>>>>> >>>>>>>> - So firstly is this a known issue, as of 7.1.3 that issue still >>>>>>>> remains. >>>>>>>> - If a fix is welcome, where should I submit a pull request for the >>>>>>>> src/main/static/js/cas.js file? >>>>>>>> >>>>>>>> Cheers. >>>>>>>> Mark >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Jonathon Taylor (he/him) >>>>>> Information Security Office >>>>>> [email protected] >>>>>> >>>>> >>> >>> -- >>> Jonathon Taylor (he/him) >>> Information Security Office >>> [email protected] >>> >> >> >> -- >> Jonathon Taylor (he/him) >> Information Security Office >> [email protected] >> > > > -- > Jonathon Taylor (he/him) > Information Security Office > [email protected] > -- Mark Oliver, Snr DevOps Engineer, Internet Systems, IT Services, The University of Sheffield. Tel: +44 114 22 21144 -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALb7P%3Dqs4OS%3Dhpd%3Dn5B6iMJmAr6py5xJRmJWoOR_H21kkb5kUg%40mail.gmail.com.
