Well that page can always be updated to include an actual submit button and an appropriate message. We just never did it (because the number of people with JavaScript turned off is pretty minimal).
On Tue, Jan 19, 2010 at 10:15 AM, Curtis Garman <[email protected]> wrote:
> hmm...gotcha...ok so am I correct in assuming then that if the user
> has javascript turned off they are just out of luck?...it would
> probably be a good idea then to have cas check if javascript is
> enabled and only proceed if it is...otherwise display a message to the
> user that they need to enable it...or display a submit button.
>
> Curtis
>
> On Tue, Jan 19, 2010 at 9:07 AM, <[email protected]> wrote:
> > You've told it to respond via POST. You cannot do redirects via POST in
> > http so we need to create a form and submit it. Which is what it's
> > attempting to do.
> >
> > Sent from my Verizon Wireless BlackBerry
> >
> > -----Original Message-----
> > From: Curtis Garman <[email protected]>
> > Date: Tue, 19 Jan 2010 09:05:09
> > To: <[email protected]>
> > Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is disabled
> >
> > Sorry for the delay in more details...long weekend...my steps are as
> > follows:
> >
> > 1) login to uportal
> > 2) switch off javascript
> > 3) login to my casified app via the following SSO link
> > https://<server>/cas/login?method=POST&service=https://<server>/<webapp>/login
> > where the service url performs some post processing after coming back
> > from CAS
> > 4) I receive the following response
> >
> > <html>
> > <body onload="document.acsForm.submit();">
> > <form name="acsForm" action="https://<server>/<webapp>/login" method="post">
> > <div style="display: none">
> > <textarea rows=10 cols=80
> > name="ticket">ST-98-714toQ3wFWq93tcqslre-cas</textarea>
> > </div>
> > </form>
> > </body>
> > </html>
> >
> > Why I'm getting this at all is a mystery to me...I never made a call
> > to google or perhaps saml (not sure if this form is specific to google
> > or saml) but it appears to be doing something to call this page before
> > validating my existing cas ticket
> >
> > Curtis
> >
> > On Thu, Jan 14, 2010 at 7:22 PM, Scott Battaglia <[email protected]> wrote:
> >> Yes, that would be expected (arguably we should probably have a way to
> >> submit that form for JavaScript-disabled). I think the original poster was
> >> saying if he then went to a non-Google Apps application, the redirect would
> >> still fail. Unless I read it wrong.
> >>
> >> On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda <[email protected]> wrote:
> >>>
> >>> Scott,
> >>>
> >>> I can replicate this.
> >>> (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps,
> >>> Moodle, and some internally developed web apps, all working off MS-AD
> >>> accounts)
> >>>
> >>> When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript
> >>> disabled, I get redirected to our CAS login page. The returned, hung page
> >>> has an onload=submit() as follows, and thus you're dead in the water!
> >>>
> >>> Johan
> >>> I&IT
> >>> Thunderbird School of Global Management
> >>> CAS @ https://login.thunderbird.edu
> >>>
> >>> ==================
> >>>
> >>> "Hung" URL (shortened the saml request for readability):
> >>>
> >>> https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2
> >>>
> >>> HTML Content of above (saml keys somewhat shortened):
> >>>
> >>> <html>
> >>> <body onload="document.acsForm.submit();">
> >>> <form name="acsForm"
> >>> action="https://www.google.com/a/global.t-bird.edu/acs" method="post">
> >>> <div style="display: none">
> >>>
> >>> <textarea rows=10 cols=80 name="SAMLResponse"><?xml
> >>> version="1.0" encoding="UTF-8"?>
> >>> <samlp:Response
> >>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> >>> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> >>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> >>> ID="iaakapbhfmfkngflfngoopdplmhgjaofhccjjala"
> >>> IssueInstant="2010-01-14T16:12:45Z"
> >>> Version="2.0"><Signature
> >>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod
> >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
> >>> /><SignatureMethod
> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
> >>> /><Reference URI=""><Transforms><Transform
> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
> >>> /></Transforms><DigestMethod
> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> >>> /><DigestValue>m0mTxxyJj3cXrJjilwjpibB7zXk=</DigestValue></Reference></SignedInfo><SignatureValue>t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4
> >>>
> >>> fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o
> >>>
> >>> VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature><samlp:Status><samlp:StatusCode
> >>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"
> >>> /></samlp:Status><Assertion
> >>> ID="pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo"
> >>> IssueInstant="2003-04-17T00:46:02Z"
> >>> Version="2.0"><Issuer>https://www.opensaml.org/IDP</Issuer><Subject><NameID
> >>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">[email protected]</NameID><SubjectConfirmation
> >>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData
> >>> InResponseTo="lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk"
> >>> NotOnOrAfter="2011-01-14T16:12:45Z"
> >>> Recipient="https://www.google.com/a/global.t-bird.edu/acs"
> >>> /></SubjectConfirmation></Subject><Conditions
> >>> NotBefore="2003-04-17T00:46:02Z"
> >>> NotOnOrAfter="2011-01-14T16:12:45Z"><AudienceRestriction><Audience>https://www.google.com/a/global.t-bird.edu/acs</Audience></AudienceRestriction></Conditions><AuthnStatement
> >>> AuthnInstant="2010-01-14T16:12:45Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
> >>> </textarea>
> >>>
> >>> <textarea rows=10 cols=80
> >>> name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2</textarea>
> >>> </div>
> >>> </form>
> >>> </body>
> >>> </html>
> >>>
> >>> ----- Original Message -----
> >>> From: Scott Battaglia
> >>> To: [email protected]
> >>> Sent: Thursday, January 14, 2010 8:59 AM
> >>> Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is disabled
> >>>
> >>> That doesn't make much sense because most apps don't use the JavaScript
> >>> method for redirecting back.
> >>>
> >>> Can you let me know what steps you've taken to repeat this? We have one
> >>> user at RU that uses our Google Apps support so I can maybe ask him to try
> >>> and execute the same steps you are.
> >>>
> >>> Thanks
> >>> Scott
> >>>
> >>> On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman <[email protected]> wrote:
> >>>>
> >>>> I've got google apps configured with cas and when I try to login to a
> >>>> totally different app without javascript enabled, I get a white
> >>>> screen. Looking closer at the page source shows that it is part of a
> >>>> saml request and it is failing because it is depending on an automatic
> >>>> form submission via javascript. It looks to me like the saml stuff is
> >>>> being checked first, failing because of having javascript disabled,
> >>>> and thus causing all other authentications to halt. Is there any way
> >>>> around this or is this a side effect of having google apps configured?
> >>>>
> >>>> --
> >>>> Curtis Garman
> >>>> Web Programmer
> >>>> Heartland Community College
> >>>>
> >>>> --
> >>>> You are currently subscribed to [email protected] as:
> >>>> [email protected]
> >>>> To unsubscribe, change settings or access archives, see
> >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> > --
> > Curtis Garman
> > Web Programmer
> > Heartland Community College
>
> --
> Curtis Garman
> Web Programmer
> Heartland Community College
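
One way the POST-response page discussed in this thread could carry "an actual submit button and an appropriate message", as an added example that is not CAS's own view code and not from any poster: a renderer that keeps the onload auto-submit, adds a <noscript> fallback, and HTML-escapes every value (ticket, SAMLResponse, RelayState) written into the page. The names renderPostResponse and escapeHtml, the message wording, the https-only check and the sample values are assumptions.

```javascript
// Added example, not CAS code: function names and wording are assumptions.
'use strict';

// Escape text for safe use in HTML attribute values and element content.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Build the page returned when parameters must reach the service by POST.
// actionUrl: service / assertion consumer URL; params: field name -> value.
function renderPostResponse(actionUrl, params) {
  const url = new URL(actionUrl); // throws on malformed input
  // Assumption: tickets and assertions are only ever posted over TLS.
  if (url.protocol !== 'https:') {
    throw new Error('refusing to post credentials over ' + url.protocol);
  }
  const fields = Object.entries(params).map(([name, value]) =>
    `      <input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`
  ).join('\n');
  return [
    '<!DOCTYPE html>',
    '<html>',
    // With JavaScript enabled the form submits itself, as in the thread.
    '  <body onload="document.forms[0].submit();">',
    `    <form action="${escapeHtml(url.href)}" method="post">`,
    fields,
    // Without JavaScript the user sees a message and a real submit button.
    '      <noscript>',
    '        <p>JavaScript is disabled. Press Continue to finish signing in.</p>',
    '        <button type="submit">Continue</button>',
    '      </noscript>',
    '    </form>',
    '  </body>',
    '</html>',
  ].join('\n');
}

// Constructed sample input modelled on the ticket response quoted above.
const samplePage = renderPostResponse('https://sso.example.org/webapp/login', {
  ticket: 'ST-0-constructed-sample-cas',
  RelayState: 'constructed "value" with <markup> & ampersand',
});
console.log(samplePage);
```

RelayState is echoed back from the incoming request, so escaping it before it is written into the form matters as much as the fallback button does.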
