Hello,
Just for information, the regression is *not* present in 6.3.7.1 (but still
is in 6.2.8).
Damien
On Wednesday, 28 October 2020 at 11:21:06 UTC+1, Dmngb wrote:
> Hello,
>
> There's only one user-visible difference between 6.2.2 and 6.2.[34] : the
> alert message is not displayed.
> Otherwise, everything works as expected and we are redirected to the app
> after login.
>
> Yes, I have checked the source code, and the warning message is still
> supposed to be displayed.
>
> See code in
> /support/cas-server-support-thymeleaf/src/main/resources/templates/fragments/loginform.html:
> <div th:if="${existingSingleSignOnSessionAvailable}">
>     <i class="mdi mdi-alert-decagram"></i>
>     <span class="mdc-button__label"
>           th:utext="#{screen.welcome.forcedsso(${existingSingleSignOnSessionPrincipal.id},${registeredService.name})}"/>
> </div>
>
> -> existingSingleSignOnSessionAvailable is set to false whereas it should
> be set to true (in fact, we have noticed, because our own UI customization
> relies on existingSingleSignOnSessionAvailable being set properly!).
>
> I have not yet been able to build and test from source to find which
> commit in git log v6.2.2..v6.2.3 has changed the behavior.
>
> Damien
>
>
> On Friday, 23 October 2020 at 20:21:02 UTC+2, Ray Bon wrote:
>
>> Damien,
>>
>> My apologies. I thought 'login UI' was in your test app.
>>
>> Is the cas login page displayed in 6.2.4, but the alert message is not,
>> or are you redirected to the test app?
>>
>> You could check the source for the log in page,
>> https://github.com/apereo/cas, maybe that text has been removed.
>>
>> Still, check the logs to see what is different.
>>
>> Ray
>>
>> On Fri, 2020-10-23 at 10:12 -0700, Dmngb wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>> Ray,
>>
>> I don't get why you say that 6.2.2 behaviour is wrong.
>>
>> On both versions (6.2.2 and 6.2.3), the login UI is displayed and asks
>> the user to re-log (this is expected with the renew parameter!).
>>
>> On 6.2.3, however, the following alert message is not displayed anymore
>> above the username text field:
>> "Welcome back, <code><strong>{0}</strong></code>. We have detected an
>> existing single sign-on session for you. However, you are being asked to
>> re-authenticate again. Please enter your Username and Password and proceed."
>>
>>
>> Damien
>>
>>
>> On Friday, 23 October 2020 at 18:27:31 UTC+2, Ray Bon wrote:
>>
>> Damien,
>>
>> With renew parameter set to true (i.e. force login), the 6.2.2 behaviour
>> is incorrect.
>> Turn up logging to see what cas is thinking.
>>
>> Ray
>>
>> On Fri, 2020-10-23 at 06:31 -0700, Dmngb wrote:
>>
>>
>> Hello all,
>>
>> We have observed a behavior change between 6.2.2 and 6.2.3/6.2.4,
>> regarding forced renew.
>>
>> Nothing obvious stands out in the 'git diff v6.2.2..v6.2.3'.
>>
>> (I have not been able to bisect further and propose a fix: I still have
>> not found the exact command line to build and deploy successfully from
>> sources to my maven local repo. But this is another topic.).
>>
>> In 6.2.2:
>>
>>
>> 1. Go to http://cas/login?renew=true&TARGET=http://testapp/ (note:
>> our testapp does not validate the service ticket – I don't think it's
>> relevant for the issue at hand, but I mention it just in case)
>> 2. Login
>> 3. Go to http://cas/login?renew=true&TARGET=http://testapp/
>>
>> Result (as expected): the login UI shows ‘welcome back ‘user’, …’
>>
>>
>> In 6.2.3/6.2.4:
>>
>> Same steps for 1/2/3
>>
>> Result: the login UI does not show ‘welcome back ‘user’, …’
>>
>> -> e.g. existingSingleSignOnSessionAvailable seems to be false in the
>> context used by loginform.html
>>
>> Bug reproduced with a very basic CAS overlay:
>>
>>
>> - cas-server-webapp-jetty + cas-server-support-rest
>> + cas-server-support-json-service-registry
>> - application.properties
>>
>> server.port=15446
>> server.address=127.0.0.1
>> server.ssl.enabled=false
>> server.servlet.context-path=/cas
>> cas.authn.accept.users=user::user
>> cas.logout.followServiceRedirects=true
>> cas.httpClient.allowLocalLogoutUrls=true
>> cas.service-registry.json.location=classpath:/services
>>
>> - Json registry: an "allow all" service in services/all.json
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : ".*",
>>   "name" : "ALL-SERVICES",
>>   "id" : 10000001
>> }
>>
>>
>> D.
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
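
The three outcomes discussed in this thread for step 3 of the reproduction (re-login form with the "welcome back" alert, re-login form without it, or no login form at all because the user was sent on to the test app) can be told apart from the returned HTML. The following is an added example, not code from the thread or from the CAS project: the `mdi-alert-decagram` and `mdc-button__label` markers come from the template fragment quoted above, while detecting the form by its password input and the three sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class _LoginPageScan(HTMLParser):
    """Collects the markers that distinguish the step-3 outcomes."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False   # assumption: login form has a password input
        self.alert_icon_seen = False      # <i class="mdi mdi-alert-decagram">
        self.principal = None             # text of <strong> inside the alert label
        self._in_label = self._in_strong = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        if tag == "input" and a.get("type") == "password":
            self.has_password_field = True
        elif tag == "i" and "mdi-alert-decagram" in classes:
            self.alert_icon_seen = True
        elif tag == "span" and "mdc-button__label" in classes and self.alert_icon_seen:
            self._in_label = True
        elif tag == "strong" and self._in_label:
            self._in_strong = True

    def handle_endtag(self, tag):
        if tag == "strong":
            self._in_strong = False
        elif tag == "span":
            self._in_label = False

    def handle_data(self, data):
        if self._in_strong and self.principal is None:
            self.principal = data.strip()

def classify_renew_page(html):
    """Return (outcome, principal) for the page served on the second renew=true visit."""
    scan = _LoginPageScan()
    scan.feed(html)
    if not scan.has_password_field:
        return ("no-login-form", None)         # renew not honoured: no re-authentication
    if scan.principal:
        return ("reauth-with-alert", scan.principal)   # behaviour reported for 6.2.2
    return ("reauth-without-alert", None)      # behaviour reported for 6.2.3/6.2.4

# Constructed sample pages (not captured from a real CAS server).
_FORM = '<input type="text" name="username"><input type="password" name="password">' \
        '<button><span class="mdc-button__label">Login</span></button>'
PAGE_WITH_ALERT = ('<form><div><i class="mdi mdi-alert-decagram"></i>'
                   '<span class="mdc-button__label">Welcome back, <code><strong>user'
                   '</strong></code>. We have detected an existing single sign-on '
                   'session for you.</span></div>' + _FORM + '</form>')
PAGE_WITHOUT_ALERT = '<form>' + _FORM + '</form>'
PAGE_TESTAPP = '<html><body>testapp</body></html>'
```
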