You might be running into a lockout security feature that blocks your IP address because of too many failed login attempts. I know such a feature existed in CAS 2.x... maybe it still exists in 3.3.
-Nathan From: Andrew Feller [mailto:[email protected]] Sent: Monday, August 17, 2009 3:25 PM To: [email protected] Subject: Re: [cas-user] CAS login Page refreshes after 5th failed login try. Israel, Hrmmm this is going to be an reaching thought, but what is the session timeout for JBoss / Tomcat set to? By default, CAS stores some information within the user's session for login purposes. I am not sure what happens whenever you exceed the session timeout yet submit the form successfully. If you have the Web Developer plugin for Firefox, you will see there are hidden fields for "lt" and "eventId". The "lt" value is used by Spring Web Flow to associate you with an existing "conversation". Anyhow, other than that, I cannot think of why this is going on. I have received the default view in CAS 3.3.1 and do not see any Javascript to cause a redirect like you mentioned. Aside from the timeout issue I mentioned above, the only other thoughts I have are 1) Hitting the reset button or 2) custom code mucking things up. HTH, A- On 8/17/09 1:43 PM, "Israel Ben Guilherme Fonseca" <[email protected]> wrote: CAS version 3.3.1 Java version 1.6.10 Container: JBoss 4.2.3 GA After the 5th try, the page just get cleaned. Example: 1. Setup demo cas.war in servlet container with NO CHANGES 2. Request /login servlet 3. Input invalid credentials #1 => Warning message about invalid credentials 4. Input invalid credentials #2 => Warning message about invalid credentials 5. Input invalid credentials #3 => Warning message about invalid credentials 6. Input invalid credentials #4 => Warning message about invalid credentials 7. Input valid credentials #5 => Some type of Javascript redirect occurs where you are sent back to the /login but the message is gone. (Even with valid credentials, nothing happens) 2009/8/17 Andrew Feller <[email protected]> Israel, So let me see if I understand this correctly: CAS version: 3.1.0 Java version: 1.X.X Servlet container: XXXXXXX Servlet container version: X.X.X STEPS TO REPRODUCE BEHAVIOR 1. Setup demo cas.war in servlet container with NO CHANGES 2. Request /login servlet 3. Input invalid credentials #1 => Warning message about invalid credentials 4. Input invalid credentials #2 => Warning message about invalid credentials 5. Input invalid credentials #3 => Warning message about invalid credentials 6. Input invalid credentials #4 => Warning message about invalid credentials 7. Input invalid credentials #5 => Warning message about invalid credentials 8. Some type of Javascript redirect occurs where you are sent back to the /login but the message is gone Is this correct? On 8/17/09 12:30 PM, "Israel Ben Guilherme Fonseca" <[email protected] <http://[email protected]> > wrote: Andrew, i did test it with a plain "cas.war" and got the same behavior. I think it's happening with all fresh CAS installations. 2009/8/17 Andrew Feller <[email protected] <http://[email protected]> > Zeeshan, The default view doesn't have any special logic like this as far as I know. However as we don't know the extent of your changes, it is difficult to troubleshoot this blindly. My knee jerk thoughts: 1. Have you modified the Spring Web Flow process to include any additional actions? 2. Have you rewired existing Spring Web Flow actions? 3. What type of Javascript changes have you made to the CAS login page? 4. Have you tried installing the Live HTTP Headers plugin for Firefox to record HTTP traffic to investigate whether this is due to the server or Javascript? HTH, A- On 8/17/09 9:45 AM, "israel.bgf" <[email protected] <http://[email protected]> > wrote: > > I'm with the exactly same problem, and i'm looking for a solution too. Did > you find something Zeeshan? > > zeeshanilyas wrote: >> >> Hi, >> >> I am using CAS 3.1 to implement Single Sign On functionality. I have >> modified CAS according to our requirements which include adding password >> Reset functionality and password expiry mechanisms. All is working fine >> but during testing I noticed that if you repeatedly try to login with >> wrong credentials then on the 5th try the login screen refreshes. I am >> using the default screen with some changes. >> >> Is there anyway to stop this behaviour. Is it a default spring mvc >> behaviour or is this part of the CAS specification (there is no mention of >> this behaviour in the documentation). >> >> I will appreciate it if someone can point to the right direction regarding >> this. >> >> Kind Regards, >> >> Zeeshan >> -- Andrew Feller, Business System Programmer LSU University Information Services 200 Frey Computing Services Center Baton Rouge, LA 70803 Office: 225.578.3737 Fax: 225.578.6400 -- You are currently subscribed to [email protected] <http://[email protected]> as: [email protected] <http://[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- Andrew Feller, Business System Programmer LSU University Information Services 200 Frey Computing Services Center Baton Rouge, LA 70803 Office: 225.578.3737 Fax: 225.578.6400 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
