Hi Paul,

We had the same issue and solved it by changing the flow; see
https://groups.google.com/a/apereo.org/forum/#!msg/cas-user/Jjx3mm-kkhE/FzO5MsF9EAAJ

In 6.1.x:

        final Flow flow = super.getLoginFlow();

        // change the transition target of STATE_ID_VIEW_LOGIN_FORM from STATE_ID_REAL_SUBMIT to STATE_ID_FORCE_FLOW_SETUP
        final TransitionableState viewLoginFormState = flow.getTransitionableState(CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM);
        final Transition submitTransition = (Transition) viewLoginFormState.getTransition(CasWebflowConstants.TRANSITION_ID_SUBMIT);
        submitTransition.setTargetStateResolver(new DefaultTargetStateResolver(STATE_ID_FORCE_FLOW_SETUP));

        // new STATE_ID_FORCE_FLOW_SETUP which triggers ACTION_ID_INITIAL_FLOW_SETUP to make sure that a TGT cookie
        // is always read when pressing submit (the standard only does this when loading the page)
        final EvaluateAction initialFlowSetupAction = super.createEvaluateAction(CasWebflowConstants.ACTION_ID_INITIAL_FLOW_SETUP);
        final ActionState forceFlowSetupActionState = super.createActionState(flow, STATE_ID_FORCE_FLOW_SETUP, initialFlowSetupAction);
        super.createStateDefaultTransition(forceFlowSetupActionState, STATE_ID_CHECK_TICKET);

        // new STATE_ID_CHECK_TICKET which checks if the TGT is valid and if the login name of the currently
        // logging in user matches the user login which authenticated with the TGT
        // if the TGT is invalid or the user doesn't match, trigger a STATE_ID_REAL_SUBMIT which creates a new TGT.
        // if the TGT is valid and the user matches, we pretend the user is already logged in by triggering
        // STATE_ID_HAS_SERVICE_CHECK
        final EvaluateAction ticketGrantingTicketCheckActionForSubmit =
                super.createEvaluateAction(ACTION_ID_TICKET_GRANTING_TICKET_CHECK_ACTION_FOR_SUBMIT);
        final ActionState checkTicketActionState =
                super.createActionState(flow, STATE_ID_CHECK_TICKET, ticketGrantingTicketCheckActionForSubmit);
        super.createTransitionForState(checkTicketActionState,
                                       CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_VALID,
                                       CasWebflowConstants.STATE_ID_HAS_SERVICE_CHECK);
        super.createTransitionForState(checkTicketActionState,
                                       CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_INVALID,
                                       CasWebflowConstants.STATE_ID_REAL_SUBMIT);
        super.createTransitionForState(checkTicketActionState,
                                       CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_NOT_EXISTS,
                                       CasWebflowConstants.STATE_ID_REAL_SUBMIT);



On Monday, February 24, 2020 at 8:33:44 AM UTC+1, Paul Roemer wrote:
>
> Hey Ray,
>
> sure, the second tab does not know about the TGC but both share the same 
> session cookie. That is why CAS should be able to detect such cases and 
> could react in a configurable way, right?
>
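
The flow above references ACTION_ID_TICKET_GRANTING_TICKET_CHECK_ACTION_FOR_SUBMIT, but the message does not show that action. One way to write it, as an added example that is not the poster's or the CAS project's code: the class name is hypothetical, and it assumes the CAS 6.1.x calls WebUtils.getTicketGrantingTicketId, WebUtils.getCredential and CentralAuthenticationService.getTicket.

```java
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

// Hypothetical class name. Register it as a Spring bean whose name equals the value of
// ACTION_ID_TICKET_GRANTING_TICKET_CHECK_ACTION_FOR_SUBMIT so createEvaluateAction() can resolve it.
public class TicketGrantingTicketCheckActionForSubmit extends AbstractAction {

    private final CentralAuthenticationService centralAuthenticationService;

    public TicketGrantingTicketCheckActionForSubmit(final CentralAuthenticationService cas) {
        this.centralAuthenticationService = cas;
    }

    @Override
    protected Event doExecute(final RequestContext context) {
        // Placed in scope by ACTION_ID_INITIAL_FLOW_SETUP, which the flow now runs on every submit.
        final String tgtId = WebUtils.getTicketGrantingTicketId(context);
        if (tgtId == null || tgtId.trim().isEmpty()) {
            return new Event(this, CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_NOT_EXISTS);
        }
        // Credential bound from the login form by the submit transition.
        final Credential submitted = WebUtils.getCredential(context);
        try {
            final TicketGrantingTicket tgt =
                    centralAuthenticationService.getTicket(tgtId, TicketGrantingTicket.class);
            // Exact match only: if the principal id differs from the typed name in any way
            // (case, attribute mapping), fall back to a full authentication in STATE_ID_REAL_SUBMIT.
            if (tgt != null && !tgt.isExpired() && submitted != null
                    && tgt.getAuthentication().getPrincipal().getId().equals(submitted.getId())) {
                return new Event(this, CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_VALID);
            }
        } catch (final AbstractTicketException e) {
            // Unknown or expired ticket: treat as invalid so a new TGT is issued.
        }
        return new Event(this, CasWebflowConstants.TRANSITION_ID_TICKET_GRANTING_TICKET_INVALID);
    }
}
```

On the valid branch the flow goes straight to STATE_ID_HAS_SERVICE_CHECK, so the submitted password is not verified; the existing TGT and the username comparison are the only checks applied to that request.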

