And cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY is deprecated now, anyone have eyes on what is supposed to fix this when this is removed?
On Tuesday, June 3, 2025 at 2:24:30 PM UTC-4 Mike Osterman wrote: > For the next person encountering this, adding the actual error message to > the thread we were seeing so it will show up in search: > > *Unable to proceed to the next step* > > *TypeError: Cannot read properties of null (reading 'removeltem')* > > > Thanks, > > Mike > > On Fri, Apr 11, 2025 at 9:52 AM 'Mark Oliver' via CAS Community < > [email protected]> wrote: > >> That's a great find! Thanks for sharing that and testing it out. I'll be >> watching out for the new release :-) >> >> Cheers. >> Mark >> >> On Fri, 11 Apr 2025 at 01:30, Jonathon Taylor <[email protected]> >> wrote: >> >>> I can confirm that this fixed my issue with our Palo Alto Global Protect >>> VPN client, which requires the Android WebView. I do not have a way to >>> test the Gmail app in my QA environment but I suspect it will be the same. >>> >>> Thanks Misagh if you are reading this. Hopefully this can be backported >>> into the 7.2 branch :-) >>> >>> On Thu, Apr 10, 2025 at 4:24 PM Jonathon Taylor <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> There appears to be a potential solution for this being worked on in >>>> the 7.3.0-SNAPSHOT version of CAS. The commit is here: >>>> >>>> >>>> https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9 >>>> >>>> I just tested this by changing my 7.2.1-SNAPSHOT build to >>>> 7.3.0-SNAPSHOT. You can then use this property: >>>> >>>> # This defaults to BROWSER_STORAGE >>>> cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY >>>> >>>> This appears to work and skips the interstitial pages that read/write >>>> from localstorage in the browser. I have not yet tested this for Android >>>> but will. >>>> >>>> On Thu, Apr 10, 2025 at 8:15 AM Jonathon Taylor <[email protected]> >>>> wrote: >>>> >>>>> Agreed. This does not just affect Gmail on Android, but also common >>>>> applications such as GlobalProtect VPN clients and I'm sure other >>>>> commonly >>>>> used software. I do appreciate the pull request and we will likely be >>>>> using the solution Mark posted. >>>>> >>>>> On Wed, Apr 2, 2025 at 4:50 AM David Gelhar <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Mark, >>>>>> >>>>>> Thank you for posting that pull request. We have encountered similar >>>>>> problems since upgrading to CAS7 so your analysis (and workaround) is >>>>>> going >>>>>> to prove very helpful. >>>>>> >>>>>> The attitude of the CAS project around this issue is frankly >>>>>> incomprehensible. They have introduced a change that completely breaks >>>>>> authentication for a very significant user population (Gmail on an >>>>>> Andoid >>>>>> device is not exactly a "edge case"), and then declined to accept a fix >>>>>> because it would be "not worth maintaining". >>>>>> >>>>>> Thanks, >>>>>> >>>>>> David >>>>>> >>>>>> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote: >>>>>> >>>>>>> Hi Jonathan, >>>>>>> >>>>>>> Unfortunately, that was a mistake on my part—a fix isn’t in the >>>>>>> mentioned file. >>>>>>> >>>>>>> I did submit a pull request for a fix here, but it was rejected >>>>>>> because it changed the core functionality of CAS, and the project >>>>>>> doesn’t >>>>>>> want to maintain that, which is fair enough: >>>>>>> https://github.com/apereo/cas/pull/6305 >>>>>>> >>>>>>> Going forward, we’re managing our own version of the file. Given >>>>>>> that, I’ve simplified it by solely relying on sessionStorage. >>>>>>> >>>>>>> Cheers, >>>>>>> Mark >>>>>>> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote: >>>>>>> >>>>>>>> Hi Mark, >>>>>>>> >>>>>>>> We are running into this same issue. Would you mind pointing me to >>>>>>>> what in the master branch version resolved this issue for you? We are >>>>>>>> seeing the issue with 7.1.4 currently. >>>>>>>> >>>>>>>> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Thanks Ray, >>>>>>>>> >>>>>>>>> I was able to find the latest file on the master branch which >>>>>>>>> looks like it's been fixed: >>>>>>>>> >>>>>>>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js >>>>>>>>> >>>>>>>>> Cheers. >>>>>>>>> Mark >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote: >>>>>>>>> >>>>>>>>>> Mark, >>>>>>>>>> >>>>>>>>>> You can start with >>>>>>>>>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html >>>>>>>>>> <https://apereo.github.io/cas/developer/Build-Process.html> >>>>>>>>>> >>>>>>>>>> Ray >>>>>>>>>> >>>>>>>>>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS >>>>>>>>>> Community wrote: >>>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> We recently attempted to upgrade our CAS installation from 6.6 to >>>>>>>>>> 7.x and encountered a blocking issue with Android’s embedded WebView >>>>>>>>>> (specifically in the Gmail app). >>>>>>>>>> >>>>>>>>>> In CAS 7.x, the default src/main/static/js/cas.js file appears to >>>>>>>>>> rely more heavily on localStorage. However, the Gmail app’s built-in >>>>>>>>>> WebView which is used for registering an account does not properly >>>>>>>>>> support >>>>>>>>>> localStorage. This leads to errors in the authentication flow, >>>>>>>>>> causing the >>>>>>>>>> WebView browser to hang after CAS credentials are submitted. In CAS >>>>>>>>>> 6.6, >>>>>>>>>> the code primarily used sessionStorage, and this issue never arose. >>>>>>>>>> >>>>>>>>>> To work around the problem, I’ve updated cas.js so that it first >>>>>>>>>> checks if localStorage is available, and if not, it falls back to an >>>>>>>>>> in-memory object or to sessionStorage. This resolves the problem for >>>>>>>>>> our >>>>>>>>>> users. >>>>>>>>>> >>>>>>>>>> - So firstly is this a known issue, as of 7.1.3 that issue still >>>>>>>>>> remains. >>>>>>>>>> - If a fix is welcome, where should I submit a pull request for >>>>>>>>>> the src/main/static/js/cas.js file? >>>>>>>>>> >>>>>>>>>> Cheers. >>>>>>>>>> Mark >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "CAS Community" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To view this discussion visit >>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Jonathon Taylor (he/him) >>>>>>>> Information Security Office >>>>>>>> [email protected] >>>>>>>> >>>>>>> >>>>> >>>>> -- >>>>> Jonathon Taylor (he/him) >>>>> Information Security Office >>>>> [email protected] >>>>> >>>> >>>> >>>> -- >>>> Jonathon Taylor (he/him) >>>> Information Security Office >>>> [email protected] >>>> >>> >>> >>> -- >>> Jonathon Taylor (he/him) >>> Information Security Office >>> [email protected] >>> >> >> >> -- >> >> Mark Oliver, >> Snr DevOps Engineer, >> Internet Systems, >> IT Services, The University of Sheffield. >> Tel: +44 114 22 21144 >> >> -- >> - Website: https://apereo.github.io/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALb7P%3Dqs4OS%3Dhpd%3Dn5B6iMJmAr6py5xJRmJWoOR_H21kkb5kUg%40mail.gmail.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALb7P%3Dqs4OS%3Dhpd%3Dn5B6iMJmAr6py5xJRmJWoOR_H21kkb5kUg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e5cbd048-da7c-4be9-9c63-abbc816c27ecn%40apereo.org.
