Hi,

It seems you need the equivalent of "redirectAfterValidation" of 
java-cas-client's Cas20ProxyReceivingTicketValidationFilter...

Are you using https://github.com/lemon-arrebol/lemon-sso-java-cas-client ?


NB: Another less standard solution could be the following on the HTML page:

window.history.replaceState({}, null, location.href.replace(/[?&]ticket=[^#]*/, ''))

(which also saves an HTTP 302 but who cares...)


On 02/02/2023 11:59, m.ich.elgre wrote:
Hello

I have a problem when someone uses a URL with an old or invalid ticket to 
access the application. I think this is a common problem, but I couldn't 
find clues to solve it.

The service settings use the default:
   "responseType": "REDIRECT"

Other choices (POST, HEADER) seem not to work well for me. REDIRECT works very 
well, all is fine, there is even a single-sign-out, with only one issue.

When the browser goes back to the application after authentication, the URL 
includes the ticket : ?ticket=ST-260-FX8wq79ZjsYs...

The problem is that if this URL is reused when the ticket is outdated, the user 
gets a 401 error.

État HTTP 401 – Non authorisé
Type Rapport d'état
message Ticket 'ST-260-FX8wq79ZjsYs...' not recognized
description La requête nécessite une authentification HTTP.

This may happen for instance if a user bookmarks the URL, or goes back in his 
browser history, etc. I see this often.

The application runs under Tomcat. There is a valve that does the 
authentication and puts the principal in the session's data.

<Valve
    className="org.jasig.cas.client.tomcat.v90.Cas20CasAuthenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://.../cas/login"
    casServerUrlPrefix="https://.../cas/"
    serverName="..."
/>

How can I avoid having the token in the final URL, or handle the 401 error in 
order to redirect the flow to the CAS login instead of showing the error?

Thank you.
Michael

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/886aeb8e-0c19-47c4-8dcd-59ad2bbb42dbn%40apereo.org.

--
Pascal Rigaux

Expert en développement et déploiement d'applications
DSIUN-PAS (Pôle Applications et Services numériques)
Université Paris 1 Panthéon-Sorbonne  -  Centre Pierre Mendès France (PMF)
B 04 08 - 90, rue de Tolbiac -  75634 PARIS CEDEX 13 - FRANCE
Tél : 01 44 07 86 59 - 06 74 55 57 67

--
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/26bfec71-98dc-1c83-e669-14923602a5dc%40univ-paris1.fr.
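The client-side ticket-stripping idea from Pascal's reply, worked into a small example. This is added illustration, not code from the thread, from java-cas-client or from CAS itself. It assumes the parameter is literally named `ticket` (as in the `?ticket=ST-260-...` URL in the question) and that, in the browser, `window.history.replaceState` is available. It uses the URL API instead of the one-line regex so that other query parameters and the fragment survive, and keeps the regex variant beside it for comparison; the sample URLs at the bottom are constructed.

```javascript
// Added example, not code from the thread or from java-cas-client.
// Strips the CAS service ticket from a URL so that the address bar, and
// therefore bookmarks and history entries, no longer carry a single-use
// ticket that will only ever produce a 401 when replayed.
// Assumption: the parameter is literally named "ticket".
const TICKET_PARAM = 'ticket';

// Remove the ticket parameter while keeping every other query parameter
// and the fragment. A URL without a ticket is returned unchanged.
function stripTicketFromUrl(href) {
  const url = new URL(href);
  if (!url.searchParams.has(TICKET_PARAM)) {
    return href;
  }
  url.searchParams.delete(TICKET_PARAM);
  // Avoid a dangling "?" when the ticket was the only parameter.
  if (url.searchParams.toString() === '') {
    url.search = '';
  }
  return url.href;
}

// The one-line regex from the reply above, kept for comparison: [^#]* runs
// up to the fragment, so any parameter that follows the ticket is dropped too.
function stripTicketWithRegex(href) {
  return href.replace(/[?&]ticket=[^#]*/, '');
}

// Browser entry point: rewrite the address bar in place (no navigation, no
// extra round trip). Returns true if the URL was changed, false if there was
// nothing to do or this is not running in a browser.
function scrubTicketFromAddressBar() {
  if (typeof window === 'undefined' || !window.location || !window.history) {
    return false;
  }
  const current = window.location.href;
  const cleaned = stripTicketFromUrl(current);
  if (cleaned === current) {
    return false;
  }
  window.history.replaceState(window.history.state, '', cleaned);
  return true;
}

// Constructed sample URLs in the shape of the thread's "?ticket=ST-260-..." case.
const SAMPLE_URLS = [
  'https://app.example.org/page?ticket=ST-260-FX8wq79ZjsYs',
  'https://app.example.org/page?ticket=ST-260-FX8wq79ZjsYs&lang=fr#top',
  'https://app.example.org/page?lang=fr&ticket=ST-260-FX8wq79ZjsYs&tab=2',
];

for (const href of SAMPLE_URLS) {
  console.log(`${href}\n  URL API : ${stripTicketFromUrl(href)}\n  regex   : ${stripTicketWithRegex(href)}`);
}
```

Call `scrubTicketFromAddressBar()` once the page has loaded. What it does not do is worth keeping in mind: the request that carried the ticket has already reached the application (and any access log or Referer header it produces), and a service ticket is single-use anyway, so the 401 on replay is CAS behaving correctly; the client-side scrub only keeps the ticket out of bookmarks and history. The server-side `redirectAfterValidation` of the Java CAS client filter reaches the same result before the page is ever rendered, at the cost of the extra 302 mentioned above.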
