Ray,
I don't get why you say that 6.2.2 behaviour is wrong.
On both versions (6.2.2 and 6.2.3), the login UI is displayed and asks the
user to re-log (this is expected with the renew parameter!).
On 6.2.3, however, the following alert message is not displayed anymore
above the username text field:
"Welcome back, <code><strong>{0}</strong></code>. We have detected an
existing single sign-on session for you. However, you are being asked to
re-authenticate again. Please enter your Username and Password and proceed."
Damien
Le vendredi 23 octobre 2020 à 18:27:31 UTC+2, Ray Bon a écrit :
> Damien,
>
> With renew parameter set to true (i.e. force login), the 6.2.2 behaviour
> is incorrect.
> Turn up logging to see what cas is thinking.
>
> Ray
>
> On Fri, 2020-10-23 at 06:31 -0700, Dmngb wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hello all,
>
> We have observed a behavior change between 6.2.2 and 6.2.3/6.2.4,
> regarding forced renew.
>
> Nothing obvious stands out in the 'git diff v6.2.2..v6.2.3'.
>
> (I have not been able to bisect further and propose a fix: I still have
> not found the exact command line to build and deploy sucessfully from
> sources to my maven local repo. But this is another topic.).
>
> In 6.2.2:
>
>
> 1. Go to http://cas/login?renew=true&TARGET=http://testapp/ (note:
> our testapp does not validate the service ticket – I don't think it's
> relevant for the issue at hand, but I mention it just in case)
> 2. Login
> 3. Go to http://cas/login?renew=true&TARGET=http://testapp/
>
> Result (as expected): the login UI shows ‘welcome back ‘user’, …’
>
>
> In 6.2.3/6.2.4:
>
> Same steps for 1/2/3
>
> Result: the login UI does not show ‘welcome back ‘user’, …’
>
> -> e.g. existingSingleSignOnSessionAvailable seems to be false in the
> context used by loginform.html
>
> Bug reproduced with a very basic CAS overlay:
>
>
> - cas-server-webapp-jetty + cas-server-support-rest
> + cas-server-support-json-service-registry
> - application.properties
>
> server.port=15446
>
> server.address=127.0.0.1
>
> server.ssl.enabled=false
>
> server.servlet.context-path=/cas
>
> cas.authn.accept.users=user::user
>
> cas.logout.followServiceRedirects=true
>
> cas.httpClient.allowLocalLogoutUrls=true
>
> cas.service-registry.json.location=classpath:/services
>
>
> - Json registry: an "allow all" service in services/all.json
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : ".*",
>
> "name" : "ALL-SERVICES",
>
> "id" : 10000001
>
> }
>
>
> D.
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/402bf9ce-0820-428b-a697-42d10235019dn%40apereo.org.
