You've told it to respond via POST. You cannot do redirects via POST in HTTP so 
we need to create a form and submit it. Which is what it's attempting to do. 



-----Original Message-----
From: Curtis Garman <[email protected]>
Date: Tue, 19 Jan 2010 09:05:09 
To: <[email protected]>
Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is disabled

Sorry for the delay in more details...long weekend...my steps are as follows:

1) login to uportal
2) switch off javascript
3) login to my casified app via the following SSO link
https://<server>/cas/login?method=POST&service=https://<server>/<webapp>/login
where the service url performs some post processing after coming back
from CAS
4) I receive the following response

<html>
        <body onload="document.acsForm.submit();">
                <form name="acsForm" action="https://<server>/<webapp>/login" 
method="post">
                        <div style="display: none">
                                <textarea rows=10 cols=80
name="ticket">ST-98-714toQ3wFWq93tcqslre-cas</textarea>
                        </div>
                </form>
        </body>
</html>

Why I'm getting this at all is a mystery to me...I never made a call
to google or perhaps saml (not sure if this form is specific to google
or saml) but it appears to be doing something to call this page before
validating my existing cas ticket

Curtis

On Thu, Jan 14, 2010 at 7:22 PM, Scott Battaglia
<[email protected]> wrote:
> Yes, that would be expected (arguably we should probably have a way to
> submit that form for JavaScript-disabled).  I think the original poster was
> saying if he then went to a non-Google Apps application, the redirect would
> still fail.  Unless I read it wrong.
>
>
> On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda
> <[email protected]> wrote:
>>
>> Scott,
>>
>> I can replicate this.
>> (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps,
>> Moodle, and some internally developed web apps, all working off MS-AD
>> accounts)
>>
>> When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript
>> disabled, I get redirected to our CAS login page. The returned, hung page
>> has an onload=submit() as follows, and thus you're dead in the water!
>>
>> Johan
>> I&IT
>> Thunderbird School of Global Management
>> CAS @ https://login.thunderbird.edu
>>
>> ==================
>>
>> "Hung" URL (shortened the saml request for readability):
>>
>> https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2
>>
>> HTML Content of above (saml keys somewhat shortened):
>>
>> <html>
>>      <body onload="document.acsForm.submit();">
>>              <form name="acsForm"
>> action="https://www.google.com/a/global.t-bird.edu/acs" method="post">
>>             <div style="display: none">
>>
>>                  <textarea rows=10 cols=80 name="SAMLResponse">&lt;?xml
>> version=&#034;1.0&#034; encoding=&#034;UTF-8&#034;?&gt;
>> &lt;samlp:Response
>> xmlns:samlp=&#034;urn:oasis:names:tc:SAML:2.0:protocol&#034;
>> xmlns=&#034;urn:oasis:names:tc:SAML:2.0:assertion&#034;
>> xmlns:xenc=&#034;http://www.w3.org/2001/04/xmlenc#&#034;
>> ID=&#034;iaakapbhfmfkngflfngoopdplmhgjaofhccjjala&#034;
>> IssueInstant=&#034;2010-01-14T16:12:45Z&#034;
>> Version=&#034;2.0&#034;&gt;&lt;Signature
>> xmlns=&#034;http://www.w3.org/2000/09/xmldsig#&#034;&gt;&lt;SignedInfo&gt;&lt;CanonicalizationMethod
>> Algorithm=&#034;http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments&#034;
>> /&gt;&lt;SignatureMethod
>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#rsa-sha1&#034;
>> /&gt;&lt;Reference URI=&#034;&#034;&gt;&lt;Transforms&gt;&lt;Transform
>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#enveloped-signature&#034;
>> /&gt;&lt;/Transforms&gt;&lt;DigestMethod
>> Algorithm=&#034;http://www.w3.org/2000/09/xmldsig#sha1&#034;
>> /&gt;&lt;DigestValue&gt;m0mTxxyJj3cXrJjilwjpibB7zXk=&lt;/DigestValue&gt;&lt;/Reference&gt;&lt;/SignedInfo&gt;&lt;SignatureValue&gt;t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4
>>
>> fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==&lt;/SignatureValue&gt;&lt;KeyInfo&gt;&lt;KeyValue&gt;&lt;RSAKeyValue&gt;&lt;Modulus&gt;uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o
>>
>> VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==&lt;/Modulus&gt;&lt;Exponent&gt;AQAB&lt;/Exponent&gt;&lt;/RSAKeyValue&gt;&lt;/KeyValue&gt;&lt;/KeyInfo&gt;&lt;/Signature&gt;&lt;samlp:Status&gt;&lt;samlp:StatusCode
>> Value=&#034;urn:oasis:names:tc:SAML:2.0:status:Success&#034;
>> /&gt;&lt;/samlp:Status&gt;&lt;Assertion
>> ID=&#034;pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo&#034;
>> IssueInstant=&#034;2003-04-17T00:46:02Z&#034;
>> Version=&#034;2.0&#034;&gt;&lt;Issuer&gt;https://www.opensaml.org/IDP&lt;/Issuer&gt;&lt;Subject&gt;&lt;NameID
>> Format=&#034;urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress&#034;&gt;[email protected]&lt;/NameID&gt;&lt;SubjectConfirmation
>> Method=&#034;urn:oasis:names:tc:SAML:2.0:cm:bearer&#034;&gt;&lt;SubjectConfirmationData
>> InResponseTo=&#034;lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk&#034;
>> NotOnOrAfter=&#034;2011-01-14T16:12:45Z&#034;
>> Recipient=&#034;https://www.google.com/a/global.t-bird.edu/acs&#034;
>> /&gt;&lt;/SubjectConfirmation&gt;&lt;/Subject&gt;&lt;Conditions
>> NotBefore=&#034;2003-04-17T00:46:02Z&#034;
>> NotOnOrAfter=&#034;2011-01-14T16:12:45Z&#034;&gt;&lt;AudienceRestriction&gt;&lt;Audience&gt;https://www.google.com/a/global.t-bird.edu/acs&lt;/Audience&gt;&lt;/AudienceRestriction&gt;&lt;/Conditions&gt;&lt;AuthnStatement
>> AuthnInstant=&#034;2010-01-14T16:12:45Z&#034;&gt;&lt;AuthnContext&gt;&lt;AuthnContextClassRef&gt;urn:oasis:names:tc:SAML:2.0:ac:classes:Password&lt;/AuthnContextClassRef&gt;&lt;/AuthnContext&gt;&lt;/AuthnStatement&gt;&lt;/Assertion&gt;&lt;/samlp:Response&gt;
>> </textarea>
>>
>>             <textarea rows=10 cols=80
>> name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&amp;passive=true&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&amp;bsv=zpwhtygjntrz&amp;ltmpl=default&amp;ltmplcache=2</textarea>
>>             </div>
>>           </form>
>>      </body>
>> </html>
>>
>> ----- Original Message -----
>> From: Scott Battaglia
>> To: [email protected]
>> Sent: Thursday, January 14, 2010 8:59 AM
>> Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is disabled
>> That doesn't make much sense because most apps don't use the JavaScript
>> method for redirecting back.
>>
>> Can you let me know what steps you've taken to repeat this?  We have one
>> user at RU that uses our Google Apps support so I can maybe ask him to try
>> and execute the same steps you are.
>>
>> Thanks
>> Scott
>>
>>
>> On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman <[email protected]>
>> wrote:
>>>
>>> I've got google apps configured with cas and when I try to login to a
>>> totally different app without javascript enabled, I get a white
>>> screen.  Looking closer at the page source shows that it is part of a
>>> saml request and it is failing because it is depending on an automatic
>>> form submission via javascript. It looks to me like the saml stuff is
>>> being checked first, failing because of having javascript disabled,
>>> and thus causing all other authentications to halt. Is there any way
>>> around this or is this a side effect of having google apps configured?
>>>
>>> --
>>> Curtis Garman
>>> Web Programmer
>>> Heartland Community College
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>



-- 
Curtis Garman
Web Programmer
Heartland Community College
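
The thread's failure mode (a `method=POST` response page that only submits through `onload`) and the fallback Scott suggests for JavaScript-disabled browsers, as an added example that is not part of the original messages and is not CAS's own code. The function names and the `sso.example.org` URL are hypothetical, and hidden inputs are used here in place of the hidden textarea in the quoted response.

```javascript
// Added example, not CAS code: all names below are hypothetical.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const esc = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Build the auto-POST page with a <noscript> submit button as fallback.
function renderPostResponse(action, params) {
  // The ticket is a bearer credential: only post it to an https service URL.
  if (new URL(action).protocol !== 'https:') {
    throw new Error('service URL must be https');
  }
  const fields = Object.entries(params)
    .map(([name, value]) => `<input type="hidden" name="${esc(name)}" value="${esc(value)}">`)
    .join('\n      ');
  return `<!DOCTYPE html>
<html>
  <body onload="document.acsForm.submit();">
    <form name="acsForm" action="${esc(action)}" method="post">
      ${fields}
      <noscript>
        <p>JavaScript is disabled. Press Continue to finish signing in.</p>
        <input type="submit" value="Continue">
      </noscript>
    </form>
  </body>
</html>`;
}

// True when a page auto-submits via script but offers no manual submit control,
// which is the blank "hung" page described in the thread.
function dependsOnJavaScript(html) {
  const autoSubmit = /onload\s*=\s*["'][^"']*\.submit\(\)/i.test(html);
  const manual = /<(input|button)\b[^>]*type\s*=\s*["']?submit/i.test(html);
  return autoSubmit && !manual;
}

// Constructed sample modelled on the response quoted in the thread.
const original = `<html><body onload="document.acsForm.submit();">
<form name="acsForm" action="https://sso.example.org/webapp/login" method="post">
<div style="display: none"><textarea name="ticket">ST-1-constructed-cas</textarea></div>
</form></body></html>`;

const fixed = renderPostResponse('https://sso.example.org/webapp/login',
  { ticket: 'ST-1-constructed-cas' });
console.log(dependsOnJavaScript(original), dependsOnJavaScript(fixed)); // true false
```
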
