True, most users won't know the difference...I only ask because it has the potential to increase helpdesk calls...if the login fails in the manner I described, the user just gets a white screen (at least in Firefox) and they won't know what to do.
What page would I need to change? Is it the casPostResponseView.jsp?

Curtis

On Tue, Jan 19, 2010 at 9:17 AM, Scott Battaglia <[email protected]> wrote:
> Well that page can always be updated to include an actual submit button and
> an appropriate message. We just never did it (because the number of people
> with JavaScript turned off is pretty minimal).
>
>
> On Tue, Jan 19, 2010 at 10:15 AM, Curtis Garman <[email protected]>
> wrote:
>>
>> hmm...gotcha...ok so am I correct in assuming then that if the user
>> has javascript turned off they are just out of luck?...it would
>> probably be a good idea then to have cas check if javascript is
>> enabled and only proceed if it is...otherwise display a message to the
>> user that they need to enable it...or display a submit button.
>>
>> Curtis
>>
>> On Tue, Jan 19, 2010 at 9:07 AM, <[email protected]> wrote:
>> > You've told it to respond via POST. You cannot do redirects via POST in
>> > http so we need to create a form and submit it. Which is what it's
>> > attempting to do.
>> >
>> >
>> > Sent from my Verizon Wireless BlackBerry
>> >
>> > -----Original Message-----
>> > From: Curtis Garman <[email protected]>
>> > Date: Tue, 19 Jan 2010 09:05:09
>> > To: <[email protected]>
>> > Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
>> > disabled
>> >
>> > Sorry for the delay in more details...long weekend...my steps are as
>> > follows:
>> >
>> > 1) login to uportal
>> > 2) switch off javascript
>> > 3) login to my casified app via the following SSO link
>> >
>> > https://<server>/cas/login?method=POST&service=https://<server>/<webapp>/login
>> > where the service url performs some post processing after coming back
>> > from CAS
>> > 4) I receive the following response
>> >
>> > <html>
>> > <body onload="document.acsForm.submit();">
>> > <form name="acsForm"
>> > action="https://<server>/<webapp>/login" method="post">
>> > <div style="display: none">
>> > <textarea rows=10 cols=80
>> > name="ticket">ST-98-714toQ3wFWq93tcqslre-cas</textarea>
>> > </div>
>> > </form>
>> > </body>
>> > </html>
>> >
>> > Why I'm getting this at all is a mystery to me...I never made a call
>> > to google or perhaps saml (not sure if this form is specific to google
>> > or saml) but it appears to be doing something to call this page before
>> > validating my existing cas ticket
>> >
>> > Curtis
>> >
>> > On Thu, Jan 14, 2010 at 7:22 PM, Scott Battaglia
>> > <[email protected]> wrote:
>> >> Yes, that would be expected (arguably we should probably have a way to
>> >> submit that form for JavaScript-disabled). I think the original poster
>> >> was saying if he then went to a non-Google Apps application, the
>> >> redirect would still fail. Unless I read it wrong.
>> >>
>> >>
>> >> On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda
>> >> <[email protected]> wrote:
>> >>>
>> >>> Scott,
>> >>>
>> >>> I can replicate this.
>> >>> (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps,
>> >>> Moodle, and some internally developed web apps, all working off MS-AD
>> >>> accounts)
>> >>>
>> >>> When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript
>> >>> disabled, I get redirected to our CAS login page. The returned,
>> >>> hung page has an onload=submit() as follows, and thus you're dead in
>> >>> the water!
>> >>>
>> >>> Johan
>> >>> I&IT
>> >>> Thunderbird School of Global Management
>> >>> CAS @ https://login.thunderbird.edu
>> >>>
>> >>> ==================
>> >>>
>> >>> "Hung" URL (shortened the saml request for readability):
>> >>>
>> >>> https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2
>> >>>
>> >>> HTML Content of above (saml keys somewhat shortened):
>> >>>
>> >>> <html>
>> >>> <body onload="document.acsForm.submit();">
>> >>> <form name="acsForm"
>> >>> action="https://www.google.com/a/global.t-bird.edu/acs" method="post">
>> >>> <div style="display: none">
>> >>>
>> >>> <textarea rows=10 cols=80
>> >>> name="SAMLResponse"><?xml
>> >>> version="1.0" encoding="UTF-8"?>
>> >>> <samlp:Response
>> >>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>> >>> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>> >>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> >>> ID="iaakapbhfmfkngflfngoopdplmhgjaofhccjjala"
>> >>> IssueInstant="2010-01-14T16:12:45Z"
>> >>> Version="2.0"><Signature
>> >>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod
>> >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
>> >>> /><SignatureMethod
>> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
>> >>> /><Reference URI=""><Transforms><Transform
>> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
>> >>> /></Transforms><DigestMethod
>> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>> >>> /><DigestValue>m0mTxxyJj3cXrJjilwjpibB7zXk=</DigestValue></Reference></SignedInfo><SignatureValue>t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4
>> >>> fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o
>> >>> VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature><samlp:Status><samlp:StatusCode
>> >>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"
>> >>> /></samlp:Status><Assertion
>> >>> ID="pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo"
>> >>> IssueInstant="2003-04-17T00:46:02Z"
>> >>> Version="2.0"><Issuer>https://www.opensaml.org/IDP</Issuer><Subject><NameID
>> >>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">[email protected]</NameID><SubjectConfirmation
>> >>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData
>> >>> InResponseTo="lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk"
>> >>> NotOnOrAfter="2011-01-14T16:12:45Z"
>> >>> Recipient="https://www.google.com/a/global.t-bird.edu/acs"
>> >>> /></SubjectConfirmation></Subject><Conditions
>> >>> NotBefore="2003-04-17T00:46:02Z"
>> >>> NotOnOrAfter="2011-01-14T16:12:45Z"><AudienceRestriction><Audience>https://www.google.com/a/global.t-bird.edu/acs</Audience></AudienceRestriction></Conditions><AuthnStatement
>> >>> AuthnInstant="2010-01-14T16:12:45Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
>> >>> </textarea>
>> >>>
>> >>> <textarea rows=10 cols=80
>> >>> name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2</textarea>
>> >>> </div>
>> >>> </form>
>> >>> </body>
>> >>> </html>
>> >>>
>> >>>
>> >>> ----- Original Message -----
>> >>> From: Scott Battaglia
>> >>> To: [email protected]
>> >>> Sent: Thursday, January 14, 2010 8:59 AM
>> >>> Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
>> >>> disabled
>> >>> That doesn't make much sense because most apps don't use the
>> >>> JavaScript method for redirecting back.
>> >>>
>> >>> Can you let me know what steps you've taken to repeat this? We have
>> >>> one user at RU that uses our Google Apps support so I can maybe ask
>> >>> him to try and execute the same steps you are.
>> >>>
>> >>> Thanks
>> >>> Scott
>> >>>
>> >>>
>> >>> On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman
>> >>> <[email protected]>
>> >>> wrote:
>> >>>>
>> >>>> I've got google apps configured with cas and when I try to login to a
>> >>>> totally different app without javascript enabled, I get a white
>> >>>> screen. Looking closer at the page source shows that it is part of a
>> >>>> saml request and it is failing because it is depending on an
>> >>>> automatic form submission via javascript. It looks to me like the
>> >>>> saml stuff is being checked first, failing because of having
>> >>>> javascript disabled, and thus causing all other authentications to
>> >>>> halt. Is there any way around this or is this a side effect of
>> >>>> having google apps configured?
>> >>>>
>> >>>> --
>> >>>> Curtis Garman
>> >>>> Web Programmer
>> >>>> Heartland Community College
>> >>>>
>> >>>> --
>> >>>> You are currently subscribed to [email protected] as:
>> >>>> [email protected]
>> >>>> To unsubscribe, change settings or access archives, see
>> >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Curtis Garman
Web Programmer
Heartland Community College
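
The change discussed in this thread, a visible submit button and message on the POST response page for browsers with JavaScript disabled, as an added example that is not CAS's own casPostResponseView.jsp nor code from any poster. It is a Python stand-in for the view; `render_post_response`, the message wording, and the sample service URL and ticket used with it are assumptions.

```python
import html
from urllib.parse import urlsplit

# Same structure as the page quoted in the thread (onload auto-submit, values in
# a hidden div), plus a <noscript> block that is only rendered without JavaScript.
PAGE = """<html>
  <body onload="document.acsForm.submit();">
    <form name="acsForm" action="{action}" method="post">
      <noscript>
        <p>JavaScript is disabled in your browser.
           Press Continue to finish signing in.</p>
        <input type="submit" value="Continue" />
      </noscript>
      <div style="display: none">
{fields}
      </div>
    </form>
  </body>
</html>
"""


def render_post_response(action_url, parameters):
    """Render the auto-submitting POST form with a no-JavaScript fallback.

    action_url -- service URL the browser posts back to (hypothetical input)
    parameters -- dict of form fields, e.g. ticket or SAMLResponse/RelayState
    """
    # The action comes from the service parameter of the login request, so
    # accept only absolute http(s) URLs before placing it in the attribute.
    parts = urlsplit(action_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("form action must be an absolute http(s) URL")

    # Escape names and values: RelayState and similar fields are
    # request-controlled and must not be able to close the <textarea>.
    fields = "\n".join(
        '        <textarea rows="10" cols="80" name="{}">{}</textarea>'.format(
            html.escape(name, quote=True), html.escape(value, quote=True))
        for name, value in parameters.items()
    )
    return PAGE.format(action=html.escape(action_url, quote=True), fields=fields)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(render_post_response("https://app.example.edu/webapp/login",
                               {"ticket": "ST-1-constructed-cas"}))
```

The submit button is left unnamed on purpose: a control named `submit` would shadow `document.acsForm.submit()` and break the auto-submit path for browsers that do run JavaScript.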
