True, most users won't know the difference...I only ask because it has
the potential to increase helpdesk calls...if the login fails in the
manner I described, the user just gets a white screen (at lease in
firefox) and they won't know what to do.

What page would I need to change? Is it the casPostResponseView.jsp

Curtis

On Tue, Jan 19, 2010 at 9:17 AM, Scott Battaglia
<[email protected]> wrote:
> Well that page can always be updated to include an actual submit button and
> an appropriate message. We just never did it (because the number of people
> with JavaScript turned off is pretty minimal).
>
>
> On Tue, Jan 19, 2010 at 10:15 AM, Curtis Garman <[email protected]>
> wrote:
>>
>> hmm...gotcha...ok so am I correct in assuming then that if the user
>> has javascript turned off they are just out of luck?...it would
>> probably be a good idea then to have cas check if javascript is
>> enabled an only proceed if it is...otherwise display a message to the
>> user that they need to enable it...or display a submit button.
>>
>> Curtis
>>
>> On Tue, Jan 19, 2010 at 9:07 AM,  <[email protected]> wrote:
>> > You've told it to respond via POST. You cannot do redirects via POST in
>> > http so we need to create a form and submit it. Which is what its 
>> > attempting
>> > to do.
>> >
>> >
>> > Sent from my Verizon Wireless BlackBerry
>> >
>> > -----Original Message-----
>> > From: Curtis Garman <[email protected]>
>> > Date: Tue, 19 Jan 2010 09:05:09
>> > To: <[email protected]>
>> > Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
>> > disabled
>> >
>> > Sorry for the delay in more details...long weekend...my steps are as
>> > follows:
>> >
>> > 1) login to uportal
>> > 2) switch off javascript
>> > 3) login to my casified app via the following SSO link
>> >
>> > https://<server>/cas/login?method=POST&service=https://<server>/<webapp>/login
>> > where the service url performs some post processing after coming back
>> > from CAS
>> > 4) I recieve the following response
>> >
>> > <html>
>> >        <body onload="document.acsForm.submit();">
>> >                <form name="acsForm"
>> > action="https://<server>/<webapp>/login" method="post">
>> >                        <div style="display: none">
>> >                                <textarea rows=10 cols=80
>> > name="ticket">ST-98-714toQ3wFWq93tcqslre-cas</textarea>
>> >                        </div>
>> >                </form>
>> >        </body>
>> > </html>
>> >
>> > Why I'm getting this at all is a mystery to me...I never made a call
>> > to google or perhaps saml (not sure if this form is specific to google
>> > or saml) but it appears to be doing something to call this page before
>> > validating my existing cas ticket
>> >
>> > Curtis
>> >
>> > On Thu, Jan 14, 2010 at 7:22 PM, Scott Battaglia
>> > <[email protected]> wrote:
>> >> Yes, that would be expected (arguably we should probably have a way to
>> >> submit that form for JavaScript-disabled).  I think the original poster
>> >> was
>> >> saying if he then went to a non-Google Apps application, the redirect
>> >> would
>> >> still fail.  Unless I read it wrong.
>> >>
>> >>
>> >> On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda
>> >> <[email protected]> wrote:
>> >>>
>> >>> Scott,
>> >>>
>> >>> I can replicate this.
>> >>> (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps,
>> >>> Moodle, and some internally developed web apps, all working off MS-AD
>> >>> accounts)
>> >>>
>> >>> When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript
>> >>> disabled, I get redirected to our CAS login page. The returned,
>> >>> hung page
>> >>> has an onload=submit() as follows, and thus you're dead in the water!
>> >>>
>> >>> Johan
>> >>> I&IT
>> >>> Thunderbird School of Global Management
>> >>> CAS @ https://login.thunderbird.edu
>> >>>
>> >>> ==================
>> >>>
>> >>> "Hung" URL (shortened the saml request for readability):
>> >>>
>> >>>
>> >>> https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2
>> >>>
>> >>> HTML Content of above (saml keys somewhat shortened):
>> >>>
>> >>> <html>
>> >>>      <body onload="document.acsForm.submit();">
>> >>>              <form name="acsForm"
>> >>> action="https://www.google.com/a/global.t-bird.edu/acs"; method="post">
>> >>>             <div style="display: none">
>> >>>
>> >>>                  <textarea rows=10 cols=80
>> >>> name="SAMLResponse">&lt;?xml
>> >>> version=&#034;1.0&#034; encoding=&#034;UTF-8&#034;?&gt;
>> >>> &lt;samlp:Response
>> >>> xmlns:samlp=&#034;urn:oasis:names:tc:SAML:2.0:protocol&#034;
>> >>> xmlns=&#034;urn:oasis:names:tc:SAML:2.0:assertion&#034;
>> >>> xmlns:xenc=&#034;http://www.w3.org/2001/04/xmlenc#&#034;
>> >>> ID=&#034;iaakapbhfmfkngflfngoopdplmhgjaofhccjjala&#034;
>> >>> IssueInstant=&#034;2010-01-14T16:12:45Z&#034;
>> >>> Version=&#034;2.0&#034;&gt;&lt;Signature
>> >>>
>> >>> xmlns=&#034;http://www.w3.org/2000/09/xmldsig#&#034;&gt;&lt;SignedInfo&gt;&lt;CanonicalizationMethod
>> >>>
>> >>> Algorithm=&#034;http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments&#034;
>> >>> /&gt;&lt;SignatureMethod
>> >>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#rsa-sha1&#034;
>> >>> /&gt;&lt;Reference URI=&#034;&#034;&gt;&lt;Transforms&gt;&lt;Transform
>> >>>
>> >>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#enveloped-signature&#034;
>> >>> /&gt;&lt;/Transforms&gt;&lt;DigestMethod
>> >>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#sha1&#034;
>> >>>
>> >>> /&gt;&lt;DigestValue&gt;m0mTxxyJj3cXrJjilwjpibB7zXk=&lt;/DigestValue&gt;&lt;/Reference&gt;&lt;/SignedInfo&gt;&lt;SignatureValue&gt;t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4
>> >>>
>> >>>
>> >>> fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==&lt;/SignatureValue&gt;&lt;KeyInfo&gt;&lt;KeyValue&gt;&lt;RSAKeyValue&gt;&lt;Modulus&gt;uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o
>> >>>
>> >>>
>> >>> VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==&lt;/Modulus&gt;&lt;Exponent&gt;AQAB&lt;/Exponent&gt;&lt;/RSAKeyValue&gt;&lt;/KeyValue&gt;&lt;/KeyInfo&gt;&lt;/Signature&gt;&lt;samlp:Status&gt;&lt;samlp:StatusCode
>> >>> Value=&#034;urn:oasis:names:tc:SAML:2.0:status:Success&#034;
>> >>> /&gt;&lt;/samlp:Status&gt;&lt;Assertion
>> >>> ID=&#034;pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo&#034;
>> >>> IssueInstant=&#034;2003-04-17T00:46:02Z&#034;
>> >>>
>> >>> Version=&#034;2.0&#034;&gt;&lt;Issuer&gt;https://www.opensaml.org/IDP&lt;/Issuer&gt;&lt;Subject&gt;&lt;NameID
>> >>>
>> >>> Format=&#034;urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress&#034;&gt;[email protected]&lt;/NameID&gt;&lt;SubjectConfirmation
>> >>>
>> >>> Method=&#034;urn:oasis:names:tc:SAML:2.0:cm:bearer&#034;&gt;&lt;SubjectConfirmationData
>> >>> InResponseTo=&#034;lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk&#034;
>> >>> NotOnOrAfter=&#034;2011-01-14T16:12:45Z&#034;
>> >>> Recipient=&#034;https://www.google.com/a/global.t-bird.edu/acs&#034;
>> >>> /&gt;&lt;/SubjectConfirmation&gt;&lt;/Subject&gt;&lt;Conditions
>> >>> NotBefore=&#034;2003-04-17T00:46:02Z&#034;
>> >>>
>> >>> NotOnOrAfter=&#034;2011-01-14T16:12:45Z&#034;&gt;&lt;AudienceRestriction&gt;&lt;Audience&gt;https://www.google.com/a/global.t-bird.edu/acs&lt;/Audience&gt;&lt;/AudienceRestriction&gt;&lt;/Conditions&gt;&lt;AuthnStatement
>> >>>
>> >>> AuthnInstant=&#034;2010-01-14T16:12:45Z&#034;&gt;&lt;AuthnContext&gt;&lt;AuthnContextClassRef&gt;urn:oasis:names:tc:SAML:2.0:ac:classes:Password&lt;/AuthnContextClassRef&gt;&lt;/AuthnContext&gt;&lt;/AuthnStatement&gt;&lt;/Assertion&gt;&lt;/samlp:Response&gt;
>> >>> </textarea>
>> >>>
>> >>>             <textarea rows=10 cols=80
>> >>>
>> >>> name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&amp;passive=true&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&amp;bsv=zpwhtygjntrz&amp;ltmpl=default&amp;ltmplcache=2</textarea>
>> >>>             </div>
>> >>>           </form>
>> >>>      </body>
>> >>> </html>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> ----- Original Message -----
>> >>> From: Scott Battaglia
>> >>> To: [email protected]
>> >>> Sent: Thursday, January 14, 2010 8:59 AM
>> >>> Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
>> >>> disabled
>> >>> That doesn't make much sense because most apps don't use the
>> >>> JavaScript
>> >>> method for redirecting back.
>> >>>
>> >>> Can you let me know what steps you've taken to repeat this?  We have
>> >>> one
>> >>> user at RU that uses our Google Apps support so I can maybe ask him to
>> >>> try
>> >>> and execute the same steps you are.
>> >>>
>> >>> Thanks
>> >>> Scott
>> >>>
>> >>>
>> >>> On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman
>> >>> <[email protected]>
>> >>> wrote:
>> >>>>
>> >>>> I've got google apps configured with cas and when I try to login to a
>> >>>> totally different app without javascript enabled, I get a white
>> >>>> screen.  Looking closer at the page source shows that it is part of a
>> >>>> saml request and it is failing because it is depending on an
>> >>>> automatic
>> >>>> form submission via javascript. It looks to me like the saml stuff is
>> >>>> being checked first, failing because of having javascript disabled,
>> >>>> and thus causing all other authentications to halt. Is there anyway
>> >>>> around this or is this a side effect of having google apps
>> >>>> configured?
>> >>>>
>> >>>> --
>> >>>> Curtis Garman
>> >>>> Web Programmer
>> >>>> Heartland Community College
>> >>>>
>> >>>> --
>> >>>> You are currently subscribed to [email protected] as:
>> >>>> [email protected]
>> >>>> To unsubscribe, change settings or access archives, see
>> >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>>
>> >>> --
>> >>> You are currently subscribed to [email protected] as:
>> >>> [email protected]
>> >>>
>> >>>
>> >>> To unsubscribe, change settings or access archives, see
>> >>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>>
>> >>> --
>> >>> You are currently subscribed to [email protected] as:
>> >>> [email protected]
>> >>>
>> >>>
>> >>> To unsubscribe, change settings or access archives, see
>> >>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>
>> >> --
>> >> You are currently subscribed to [email protected] as:
>> >> [email protected]
>> >> To unsubscribe, change settings or access archives, see
>> >> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >
>> >
>> >
>> > --
>> > Curtis Garman
>> > Web Programmer
>> > Heartland Community College
>> >
>> > --
>> > You are currently subscribed to [email protected] as:
>> > [email protected]
>> > To unsubscribe, change settings or access archives, see
>> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >
>> >
>> > --
>> > You are currently subscribed to [email protected] as:
>> > [email protected]
>> > To unsubscribe, change settings or access archives, see
>> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>>
>> --
>> Curtis Garman
>> Web Programmer
>> Heartland Community College
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user



-- 
Curtis Garman
Web Programmer
Heartland Community College

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to