Hi Jen,

I have copied this e-mail to the CAS user list also as I hope my
proposed solution could be of use to them for other similar situations.

To re-state the problem in more generic terms, in my web application
(e.g. uPortal) I have some clever jQuery JavaScript that pops up a
dialog box.  I only want the dialog box to display if I still have a
valid SSO session (incidentally I'm using a CAS 2 server).

Thanks, Jen, for the JIRA link; I had not spotted it. I'll give the
patch a whirl but also....

I think I have come up with an alternative solution that relies on the
CAS gateway parameter. I realise that this isn't relevant to non-CAS
authentication folks in the uPortal community.

I've written a simple servlet, isSSOSessionLoggedIn; this makes use of
the CAS gateway parameter to determine if my SSO session is still
valid. It contains something like:

        String redirect = request.getParameter("redirect");
        if (redirect != null) {
            // First pass: bounce through CAS; gateway=true returns without a login prompt
            String gateway =
                "https://mycasserver/cas/login?service=https://myappserver/myapp/isSSOSessionLoggedIn&gateway=true";
            response.sendRedirect(gateway);
            return; // nothing more may be written once the redirect is committed
        }
        // Second pass: CAS appends ?ticket=... only if an SSO session exists
        String ticket = request.getParameter("ticket");
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            if (ticket != null) {
                // I don't think it is necessary to actually validate the ticket, presence is sufficient
                out.println("SSO session is valid <script type=\"text/javascript\"> ssoValid = true; </script>");
            } else {
                out.println("SSO session is invalid <script type=\"text/javascript\"> ssoValid = false; </script>");
            }
        } finally {
            out.close();
        }

In my application page I can now check if my SSO session is still
valid with some suitable jQuery/markup, such as:

<p>
    <a href="#" id="testValidity">Test Validity</a>
</p>

<iframe src="#" id="ssoValid" name="ssoValid" frameborder="no"></iframe>

<script type="text/javascript">
    var ssoValidIframe = $('#ssoValid');

    ssoValidIframe.load(function(){
        if (ssoValidIframe.attr('src') != "#") {
            alert(ssoValid.ssoValid);
            if (ssoValid.ssoValid) {
                // do stuff that requires a valid SSO session
            }
        }
    });

    $('#testValidity').click(function(){
        ssoValidIframe.attr('src', 'isSSOSessionLoggedIn?redirect=true');
    });
</script>

Seems a little elaborate (ugly!)  but I guess it would work.  Any thoughts?

Cheers,

Mark

On Tue, Sep 8, 2009 at 4:39 PM, Jen Bourey<[email protected]> wrote:
> Hi Mark,
>
> You're completely correct.  It looks like Katya created a JIRA for this
> issue and posted a patch for it here:
> http://www.ja-sig.org/issues/browse/UP-2095.  I've assigned the ticket to
> myself, and when I can find the time I'll get her patch integrated with the
> codebase.  Maybe in the meantime you could try out the patch and let us know
> if it works for you?
>
> - Jen
>
> On Tue, Sep 8, 2009 at 11:09 AM, Mark McLaren <[email protected]>
> wrote:
>>
>> Apologies if this has been discussed previously,  I've noticed some
>> strange behaviour with the JavaScript functionality inside uPortal3.1
>> (I dare say it was there in uPortal 3.0 too).  Incidentally, we are
>> still using a variation of the CAS 2 server for authentication here.
>>
>> If in uPortal 3.1 you click on a JavaScript enabled piece of interface
>> such as anything in the "Customize My Portal" section (e.g. Add
>> Content, Page Layout, Select Skin, Add Tab) and your authenticated
>> session has timed out then weirdness ensues.
>>
>> Since these JavaScript enabled widgets require little in the way of
>> server interaction you get some kind of interface change (such as a
>> dialog window appearing) even when you are logged out and shouldn't be
>> able to do anything (in fact you cannot actually do anything that
>> requires the server side interaction).
>>
>> Would it be easy (better) for the JavaScript to check if you are
>> authenticated before conducting its DOM manipulations?  If you are
>> not authenticated then it could refresh the page, which would make the
>> screen appear logged out if this was more appropriate.
>>
>> Do other people see this kind of behaviour or have I broken something?
>>
>> Mark
> --
> Jen Bourey


-- 
"Paradoxically, the more time saving abstractions you are using the
more you actually have to know." - Simon Willison
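
A variant of the servlet's check that confirms the ticket with the CAS server rather than relying on its presence, as an added example that is not part of the original message or of the CAS or uPortal code. The class and method names are hypothetical, the /serviceValidate endpoint and XML format are those of the CAS 2.0 protocol, and the sample responses are constructed.

```java
import java.io.StringReader;
import java.net.URLEncoder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example; the class and method names are hypothetical, not from the post.
public class CasGatewayCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas"; // CAS 2.0 XML namespace
    static String enc(String s) throws Exception { return URLEncoder.encode(s, "UTF-8"); }

    // Where the servlet redirects: gateway=true makes CAS return without a login prompt.
    static String gatewayUrl(String casBase, String service) throws Exception {
        return casBase + "/login?service=" + enc(service) + "&gateway=true";
    }
    // What the servlet then fetches server-side; service must match the gateway request.
    static String validateUrl(String casBase, String service, String ticket) throws Exception {
        return casBase + "/serviceValidate?service=" + enc(service) + "&ticket=" + enc(ticket);
    }

    // Returns the user name on authenticationSuccess, null for anything else.
    static String userFrom(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
            Element root = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml))).getDocumentElement();
            NodeList ok = root.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
            if (ok.getLength() != 1) return null;
            NodeList user = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
            return user.getLength() == 1 ? user.item(0).getTextContent().trim() : null;
        } catch (Exception e) {
            return null; // malformed XML is treated as "no valid session"
        }
    }

    public static void main(String[] args) throws Exception {
        String cas = "https://mycasserver/cas";
        String svc = "https://myappserver/myapp/isSSOSessionLoggedIn";
        // Constructed CAS 2.0 responses, not captured from a real server.
        String good = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
                + "<cas:user>mark</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
        String bad = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationFailure"
                + " code='INVALID_TICKET'>unknown</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(gatewayUrl(cas, svc) + "\n" + validateUrl(cas, svc, "ST-constructed-1"));
        System.out.println("good=" + userFrom(good) + " bad=" + userFrom(bad));
    }
}
```

In the servlet, the body fetched from validateUrl(...) would be passed to userFrom(...), and the "valid" page written only when it returns a non-null user.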
