Yes, that would be expected (arguably we should probably have a way to submit that form for JavaScript-disabled). I think the original poster was saying if he then went to a non-Google Apps application, the redirect would still fail. Unless I read it wrong.
On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda < [email protected]> wrote: > Scott, > > I can replicate this. > (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps, > Moodle, and some internally developed web apps, all working off MS-AD > accounts) > > When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript > disabled, I get redirected to our CAS login page. The returned, hung page > has an onload=submit() as follows, and thus you're dead in the water! > > Johan > I&IT > Thunderbird School of Global Management > CAS @ https://login.thunderbird.edu > > ================== > > "Hung" URL (shortened the saml request for readability): > > https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2 > > HTML Content of above (saml keys somewhat shortened): > > <html> > <body onload="document.acsForm.submit();"> > <form name="acsForm" > action="https://www.google.com/a/global.t-bird.edu/acs" method="post"> > <div style="display: none"> > > <textarea rows=10 cols=80 name="SAMLResponse"><?xml > version="1.0" encoding="UTF-8"?> > <samlp:Response > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > xmlns="urn:oasis:names:tc:SAML:2.0:assertion" > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" > <http://www.w3.org/2001/04/xmlenc#&%23034>; > ID="iaakapbhfmfkngflfngoopdplmhgjaofhccjjala" > IssueInstant="2010-01-14T16:12:45Z" > Version="2.0"><Signature > xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod > > <http://www.w3.org/2000/09/xmldsig#&%23034;%3E%3CSignedInfo%3E%3CCanonicalizationMethod> > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" > <http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments&%23034>; > /><SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" > <http://www.w3.org/2000/09/xmldsig#rsa-sha1&%23034>; /><Reference > URI=""><Transforms><Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" > <http://www.w3.org/2000/09/xmldsig#enveloped-signature&%23034>; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" > <http://www.w3.org/2000/09/xmldsig#sha1&%23034>; > /><DigestValue>m0mTxxyJj3cXrJjilwjpibB7zXk=</DigestValue></Reference></SignedInfo><SignatureValue>t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4 > fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o > VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature><samlp:Status><samlp:StatusCode > Value="urn:oasis:names:tc:SAML:2.0:status:Success" > /></samlp:Status><Assertion > ID="pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo" > IssueInstant="2003-04-17T00:46:02Z" > Version="2.0"><Issuer>https://www.opensaml.org/IDP</Issuer><Subject><NameID > <https://www.opensaml.org/IDP%3C/Issuer%3E%3CSubject%3E%3CNameID> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">[email protected] > > <034%3b%26gt%[email protected]></NameID><SubjectConfirmation > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData > InResponseTo="lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk" > NotOnOrAfter="2011-01-14T16:12:45Z" > Recipient="https://www.google.com/a/global.t-bird.edu/acs" > /></SubjectConfirmation></Subject><Conditions > NotBefore="2003-04-17T00:46:02Z" > NotOnOrAfter="2011-01-14T16:12:45Z"><AudienceRestriction><Audience>https://www.google.com/a/global.t-bird.edu/acs</Audience></AudienceRestriction></Conditions><AuthnStatement > > <https://www.google.com/a/global.t-bird.edu/acs%3C/Audience%3E%3C/AudienceRestriction%3E%3C/Conditions%3E%3CAuthnStatement> > > AuthnInstant="2010-01-14T16:12:45Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response> > </textarea> > > <textarea rows=10 cols=80 > name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2 > > <https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&bsv=zpwhtygjntrz<mpl=default<mplcache=2></textarea> > </div> > </form> > </body> > </html> > > > > > > > > > > > ----- Original Message ----- > *From:* Scott Battaglia <[email protected]> > *To:* [email protected] > *Sent:* Thursday, January 14, 2010 8:59 AM > *Subject:* Re: [cas-user] CAS 3.3.4 login fails when javascript is > disabled > > That doesn't make much sense because most apps don't use the JavaScript > method for redirecting back. > > Can you let me know what steps you've taken to repeat this? We have one > user at RU that uses our Google Apps support so I can maybe ask him to try > and execute the same steps you are. > > Thanks > Scott > > > On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman <[email protected]>wrote: > >> I've got google apps configured with cas and when I try to login to a >> totally different app without javascript enabled, I get a white >> screen. Looking closer at the page source shows that it is part of a >> saml request and it is failing because it is depending on an automatic >> form submission via javascript. It looks to me like the saml stuff is >> being checked first, failing because of having javascript disabled, >> and thus causing all other authentications to halt. Is there anyway >> around this or is this a side effect of having google apps configured? >> >> -- >> Curtis Garman >> Web Programmer >> Heartland Community College >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
