Hi All,

Apologies for my rambling before, I got my uPortal sessions and CAS
SSO sessions all muddled up.

JavaScript in page uPortal active session check
===============================================

If I create a simple JSP containing code cribbed from the uPortal
LogoutServlet (I'm aware PersonManagerFactory is deprecated!):

<%@ page import="org.jasig.portal.security.IPerson,org.jasig.portal.security.PersonManagerFactory" %><%--
--%><%
    IPerson person = PersonManagerFactory.getPersonManagerInstance().getPerson(request);
%><%= person != null && person.getSecurityContext().isAuthenticated() %>

I can then use jQuery AJAX calls to examine the current uPortal
authentication status.  I can then choose to refresh the page and
cause an on-screen logout instead of displaying a JavaScript pop-up
box.

JavaScript in page CAS active session check
===========================================

This is probably quite obscure and probably peculiar to what I am
currently working on.  I use a CAS 2 server which doesn't support
single sign out, therefore I cannot use the uPortal active session
check alone.  In my scenario it is possible to have an active uPortal
session simultaneously with an inactive CAS SSO session.

I have written an extension to the jQuery UI dialog which can display
an IFRAME above the portal content.  In one situation, I am using this
to page through e-mail message previews; I therefore need to know
that I have an active SSO session before displaying the dialog box
(else I get an SSO login screen inside the IFRAME).

This is the scenario when I need to use something similar to my
servlet/IFRAME approach that I described in my prior e-mail.

I hope this clears things up.

Mark


On 9/9/09, Mark McLaren <[email protected]> wrote:
> Hi Jen,
>
> I have copied this e-mail to the CAS user list also as I hope my
> proposed solution could be of use to them for other similar situations.
>
> To re-state the problem in more generic terms, in my web application
> (e.g. uPortal) I have some clever jQuery JavaScript that pops up a
> dialog box.  I only want the dialog box to display if I still have a
> valid SSO session (incidentally I'm using a CAS 2 server).
>
> Thanks, Jen, for the JIRA link; I had not spotted it.  I'll give the
> patch a whirl but also....
>
> I think I have come up with an alternative solution that relies on the
> CAS gateway parameter; I realise that this isn't relevant to non-CAS
> authentication folks in the uPortal community.
>
> I've written a simple servlet, isSSOSessionLoggedIn, which makes use of
> the CAS gateway parameter to determine if my SSO session is still
> valid.  It contains something like:
>
>         // Servlet request handler body (needs java.io.PrintWriter)
>         String redirect = request.getParameter("redirect");
>         if (redirect != null) {
>             String gateway = "https://mycasserver/cas/login"
>                 + "?service=https://myappserver/myapp/isSSOSessionLoggedIn&gateway=true";
>             response.sendRedirect(gateway);
>             return; // the redirect commits the response; do not write a body
>         }
>         String ticket = request.getParameter("ticket");
>         response.setContentType("text/html;charset=UTF-8");
>         PrintWriter out = response.getWriter();
>         try {
>             if (ticket != null) {
>                 // I don't think it is necessary to actually validate the
>                 // ticket, presence is sufficient
>                 out.println("SSO session is valid <script type=\"text/javascript\">"
>                     + " ssoValid = true; </script>");
>             } else {
>                 out.println("SSO session is invalid <script type=\"text/javascript\">"
>                     + " ssoValid = false; </script>");
>             }
>         } finally {
>             out.close();
>         }
>
> In my application page I can now check if my SSO session is still
> valid with some suitable jQuery/markup, such as:
>
> <p>
>     <a href="#" id="testValidity">Test Validity</a>
> </p>
>
> <iframe src="#" id="ssoValid" name="ssoValid" frameborder="no"></iframe>
>
> <script type="text/javascript">
>     var ssoValidIframe = $('#ssoValid');
>
>     ssoValidIframe.load(function(){
>         if (ssoValidIframe.attr('src') != "#") {
>             alert(ssoValid.ssoValid);
>             if (ssoValid.ssoValid) {
>                 // do stuff that requires a valid SSO session
>             }
>         }
>     });
>
>     $('#testValidity').click(function(){
>         ssoValidIframe.attr('src', 'isSSOSessionLoggedIn?redirect=true');
>     });
> </script>
>
> Seems a little elaborate (ugly!)  but I guess it would work.  Any thoughts?
>
> Cheers,
>
> Mark
>
> On Tue, Sep 8, 2009 at 4:39 PM, Jen Bourey<[email protected]> wrote:
>> Hi Mark,
>>
>> You're completely correct.  It looks like Katya created a JIRA for this
>> issue and posted a patch for it here:
>> http://www.ja-sig.org/issues/browse/UP-2095.  I've assigned the ticket to
>> myself, and when I can find the time I'll get her patch integrated with
>> the codebase.  Maybe in the meantime you could try out the patch and let
>> us know if it works for you?
>>
>> - Jen
>>
>> On Tue, Sep 8, 2009 at 11:09 AM, Mark McLaren <[email protected]>
>> wrote:
>>>
>>> Apologies if this has been discussed previously,  I've noticed some
>>> strange behaviour with the JavaScript functionality inside uPortal 3.1
>>> (I dare say it was there in uPortal 3.0 too).  Incidentally, we are
>>> still using a variation of the CAS 2 server for authentication here.
>>>
>>> If in uPortal 3.1 you click on a JavaScript enabled piece of interface
>>> such as anything in the "Customize My Portal" section (e.g. Add
>>> Content, Page Layout, Select Skin, Add Tab) and your authenticated
>>> session has timed out then weirdness ensues.
>>>
>>> Since these JavaScript enabled widgets require little in the way of
>>> server interaction you get some kind of interface change (such as a
>>> dialog window appearing) even when you are logged out and shouldn't be
>>> able to do anything (in fact you cannot actually do anything that
>>> requires the server side interaction).
>>>
>>> Would it be easy (better) for the JavaScript to check if you are
>>> authenticated before conducting its DOM manipulations?  If you are
>>> not authenticated then it could refresh the page, which would make the
>>> screen appear logged out if this was more appropriate.
>>>
>>> Do other people see this kind of behaviour or have I broken something?
>>>
>>> Mark
>> --
>> Jen Bourey
>
>
> --
> "Paradoxically, the more time saving abstractions you are using the
> more you actually have to know." - Simon Willison
>


-- 
"Paradoxically, the more time saving abstractions you are using the
more you actually have to know." - Simon Willison
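
The gateway check discussed in this thread, extended so that the returned ticket is validated against the CAS 2.0 /serviceValidate endpoint, since a ticket parameter can be appended to the URL by any caller. This is an added example, not code from the original e-mails: the class and method names are hypothetical, the hosts are the placeholders used in the thread, and the sample responses are constructed.

```java
import java.io.ByteArrayInputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class CasGatewayCheck {                       // hypothetical helper class
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    // With gateway=true, CAS redirects back with ?ticket=... only if an SSO session exists.
    static String gatewayUrl(String casBase, String service) throws Exception {
        return casBase + "/login?service=" + URLEncoder.encode(service, "UTF-8") + "&gateway=true";
    }
    // CAS 2.0 validation URL; the service value must match the one sent to /login.
    static String validateUrl(String casBase, String service, String ticket) throws Exception {
        return casBase + "/serviceValidate?service=" + URLEncoder.encode(service, "UTF-8")
             + "&ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }

    // Returns the authenticated user name, or null on failure or malformed XML.
    static String userFromResponse(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Reject DOCTYPE declarations so the response cannot pull in external entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document d = f.newDocumentBuilder()
                          .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            NodeList ok = d.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
            if (ok.getLength() != 1) return null;
            NodeList user = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
            if (user.getLength() != 1) return null;
            String name = user.item(0).getTextContent().trim();
            return name.isEmpty() ? null : name;
        } catch (Exception e) {
            return null;                             // fail closed: treat as "no SSO session"
        }
    }

    public static void main(String[] args) throws Exception {
        String cas = "https://mycasserver/cas";      // placeholder host from the thread
        String svc = "https://myappserver/myapp/isSSOSessionLoggedIn";
        // Constructed sample responses in the CAS 2.0 serviceValidate format.
        String ok = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
                  + "<cas:user>mark</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
        String bad = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>"
                   + "<cas:authenticationFailure code='INVALID_TICKET'>not recognized"
                   + "</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(gatewayUrl(cas, svc));
        System.out.println(validateUrl(cas, svc, "ST-constructed-1"));
        System.out.println(userFromResponse(ok) + " / " + userFromResponse(bad));
    }
}
```

In the servlet, the ticket branch would fetch validateUrl(...) over HTTPS and report a valid session only when userFromResponse returns a non-null name.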
