That should be the page. Feel free (i.e. we encourage ;-)) to contribute back your changes to the page!

Cheers
Scott

On Tue, Jan 19, 2010 at 10:54 AM, Curtis Garman <[email protected]> wrote:

> True, most users won't know the difference...I only ask because it has
> the potential to increase helpdesk calls...if the login fails in the
> manner I described, the user just gets a white screen (at least in
> firefox) and they won't know what to do.
>
> What page would I need to change? Is it the casPostResponseView.jsp
>
> Curtis
>
> On Tue, Jan 19, 2010 at 9:17 AM, Scott Battaglia
> <[email protected]> wrote:
> > Well that page can always be updated to include an actual submit button and
> > an appropriate message. We just never did it (because the number of people
> > with JavaScript turned off is pretty minimal).
> >
> >
> > On Tue, Jan 19, 2010 at 10:15 AM, Curtis Garman <[email protected]>
> > wrote:
> >>
> >> hmm...gotcha...ok so am I correct in assuming then that if the user
> >> has javascript turned off they are just out of luck?...it would
> >> probably be a good idea then to have cas check if javascript is
> >> enabled and only proceed if it is...otherwise display a message to the
> >> user that they need to enable it...or display a submit button.
> >>
> >> Curtis
> >>
> >> On Tue, Jan 19, 2010 at 9:07 AM, <[email protected]> wrote:
> >> > You've told it to respond via POST. You cannot do redirects via POST in
> >> > http so we need to create a form and submit it. Which is what it's attempting
> >> > to do.
> >> >
> >> >
> >> > Sent from my Verizon Wireless BlackBerry
> >> >
> >> > -----Original Message-----
> >> > From: Curtis Garman <[email protected]>
> >> > Date: Tue, 19 Jan 2010 09:05:09
> >> > To: <[email protected]>
> >> > Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
> >> > disabled
> >> >
> >> > Sorry for the delay in more details...long weekend...my steps are as
> >> > follows:
> >> >
> >> > 1) login to uportal
> >> > 2) switch off javascript
> >> > 3) login to my casified app via the following SSO link
> >> >
> >> > https://<server>/cas/login?method=POST&service=https://<server>/<webapp>/login
> >> > where the service url performs some post processing after coming back
> >> > from CAS
> >> > 4) I receive the following response
> >> >
> >> > <html>
> >> > <body onload="document.acsForm.submit();">
> >> > <form name="acsForm"
> >> > action="https://<server>/<webapp>/login" method="post">
> >> > <div style="display: none">
> >> > <textarea rows=10 cols=80
> >> > name="ticket">ST-98-714toQ3wFWq93tcqslre-cas</textarea>
> >> > </div>
> >> > </form>
> >> > </body>
> >> > </html>
> >> >
> >> > Why I'm getting this at all is a mystery to me...I never made a call
> >> > to google or perhaps saml (not sure if this form is specific to google
> >> > or saml) but it appears to be doing something to call this page before
> >> > validating my existing cas ticket
> >> >
> >> > Curtis
> >> >
> >> > On Thu, Jan 14, 2010 at 7:22 PM, Scott Battaglia
> >> > <[email protected]> wrote:
> >> >> Yes, that would be expected (arguably we should probably have a way to
> >> >> submit that form for JavaScript-disabled). I think the original poster
> >> >> was saying if he then went to a non-Google Apps application, the redirect
> >> >> would still fail. Unless I read it wrong.
> >> >>
> >> >>
> >> >> On Thu, Jan 14, 2010 at 6:21 PM, Johan Reinalda
> >> >> <[email protected]> wrote:
> >> >>>
> >> >>> Scott,
> >> >>>
> >> >>> I can replicate this.
> >> >>> (at Thunderbird, 3 days ago we went live with CAS3.3.5, Google Apps,
> >> >>> Moodle, and some internally developed web apps, all working off MS-AD
> >> >>> accounts)
> >> >>>
> >> >>> When I go to Gapps mail interface, with Firefox 3.5.7 with Javascript
> >> >>> disabled, I get redirected to our CAS login page. The returned,
> >> >>> hung page
> >> >>> has an onload=submit() as follows, and thus you're dead in the water!
> >> >>>
> >> >>> Johan
> >> >>> I&IT
> >> >>> Thunderbird School of Global Management
> >> >>> CAS @ https://login.thunderbird.edu
> >> >>>
> >> >>> ==================
> >> >>>
> >> >>> "Hung" URL (shortened the saml request for readability):
> >> >>>
> >> >>> https://login.thunderbird.edu/cas/login?SAMLRequest=fVLJbt....&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fglobal.t-bird.edu%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fa%252Fglobal.t-bird.edu%252F%26bsv%3Dzpwhtygjntrz%26ltmpl%3Ddefault%26ltmplcache%3D2
> >> >>>
> >> >>> HTML Content of above (saml keys somewhat shortened):
> >> >>>
> >> >>> <html>
> >> >>> <body onload="document.acsForm.submit();">
> >> >>> <form name="acsForm"
> >> >>> action="https://www.google.com/a/global.t-bird.edu/acs" method="post">
> >> >>> <div style="display: none">
> >> >>>
> >> >>> <textarea rows=10 cols=80
> >> >>> name="SAMLResponse"><?xml
> >> >>> version="1.0" encoding="UTF-8"?>
> >> >>> <samlp:Response
> >> >>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> >> >>> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> >> >>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> >> >>> ID="iaakapbhfmfkngflfngoopdplmhgjaofhccjjala"
> >> >>> IssueInstant="2010-01-14T16:12:45Z"
> >> >>> Version="2.0"><Signature
> >> >>> xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod
> >> >>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
> >> >>> /><SignatureMethod
> >> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
> >> >>> /><Reference URI=""><Transforms><Transform
> >> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
> >> >>> /></Transforms><DigestMethod
> >> >>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> >> >>> /><DigestValue>m0mTxxyJj3cXrJjilwjpibB7zXk=</DigestValue></Reference></SignedInfo><SignatureValue>t91KQtTk6eaXNNU3HGK8pJm7Ua9hbEn35eOhjqUh9v7SZ94wSg1ziEtYuJYqvYI889MNC7YLMjd4
> >> >>> fECJr4AOrzOfcEFEKgpBMi/SKcc+UgHuQUer9g==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>uWn6/TurLUy6W70rMIkcAfLNMr4/1Ra/ju7MgNi1kjL5VRkgCGQuozMH7/jKbzIDdQxnNrGaor8o
> >> >>> VnYFblIaIq05ngKGcr1ulBPreUzXagpyTU2QLQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature><samlp:Status><samlp:StatusCode
> >> >>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"
> >> >>> /></samlp:Status><Assertion
> >> >>> ID="pfjeimfgpknnnionmnhceanbpjnilphmalgmhgdo"
> >> >>> IssueInstant="2003-04-17T00:46:02Z"
> >> >>> Version="2.0"><Issuer>https://www.opensaml.org/IDP</Issuer><Subject><NameID
> >> >>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">[email protected]</NameID><SubjectConfirmation
> >> >>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData
> >> >>> InResponseTo="lcphjmnkcimmdockldcfhaekkagokofkkpbkoemk"
> >> >>> NotOnOrAfter="2011-01-14T16:12:45Z"
> >> >>> Recipient="https://www.google.com/a/global.t-bird.edu/acs"
> >> >>> /></SubjectConfirmation></Subject><Conditions
> >> >>> NotBefore="2003-04-17T00:46:02Z"
> >> >>> NotOnOrAfter="2011-01-14T16:12:45Z"><AudienceRestriction><Audience>https://www.google.com/a/global.t-bird.edu/acs</Audience></AudienceRestriction></Conditions><AuthnStatement
> >> >>> AuthnInstant="2010-01-14T16:12:45Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
> >> >>> </textarea>
> >> >>>
> >> >>> <textarea rows=10 cols=80
> >> >>> name="RelayState">https://www.google.com/a/global.t-bird.edu/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fglobal.t-bird.edu%2F&bsv=zpwhtygjntrz&ltmpl=default&ltmplcache=2
> >> >>> </textarea>
> >> >>> </div>
> >> >>> </form>
> >> >>> </body>
> >> >>> </html>
> >> >>>
> >> >>> ----- Original Message -----
> >> >>> From: Scott Battaglia
> >> >>> To: [email protected]
> >> >>> Sent: Thursday, January 14, 2010 8:59 AM
> >> >>> Subject: Re: [cas-user] CAS 3.3.4 login fails when javascript is
> >> >>> disabled
> >> >>> That doesn't make much sense because most apps don't use the
> >> >>> JavaScript method for redirecting back.
> >> >>>
> >> >>> Can you let me know what steps you've taken to repeat this? We have
> >> >>> one user at RU that uses our Google Apps support so I can maybe ask him to
> >> >>> try and execute the same steps you are.
> >> >>>
> >> >>> Thanks
> >> >>> Scott
> >> >>>
> >> >>>
> >> >>> On Thu, Jan 14, 2010 at 10:12 AM, Curtis Garman
> >> >>> <[email protected]>
> >> >>> wrote:
> >> >>>>
> >> >>>> I've got google apps configured with cas and when I try to login to a
> >> >>>> totally different app without javascript enabled, I get a white
> >> >>>> screen. Looking closer at the page source shows that it is part of a
> >> >>>> saml request and it is failing because it is depending on an
> >> >>>> automatic form submission via javascript.
> >> >>>> It looks to me like the saml stuff is
> >> >>>> being checked first, failing because of having javascript disabled,
> >> >>>> and thus causing all other authentications to halt. Is there any way
> >> >>>> around this or is this a side effect of having google apps
> >> >>>> configured?
> >> >>>>
> >> >>>> --
> >> >>>> Curtis Garman
> >> >>>> Web Programmer
> >> >>>> Heartland Community College
> >> >>>>
> >> >>>> --
> >> >>>> You are currently subscribed to [email protected] as:
> >> >>>> [email protected]
> >> >>>> To unsubscribe, change settings or access archives, see
> >> >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >> >
> >> > --
> >> > Curtis Garman
> >> > Web Programmer
> >> > Heartland Community College
> >>
> >> --
> >> Curtis Garman
> >> Web Programmer
> >> Heartland Community College
>
> --
> Curtis Garman
> Web Programmer
> Heartland Community College
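
Added example, not part of the original thread and not CAS code: one way to implement the fallback discussed above, where the auto-submitting POST page also carries a visible message and submit button for browsers with JavaScript disabled, and every value is HTML-escaped before it is written into the form. The function names `escapeHtml` and `renderPostResponse`, the service URL and the ticket value are assumptions made for illustration.

```javascript
// Added illustration; escapeHtml and renderPostResponse are hypothetical
// names and are not part of CAS.

// Escape a value for HTML element content and double-quoted attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Build the POST response page. `action` is the service URL; `params` maps
// field names (ticket, SAMLResponse, RelayState) to their values.
function renderPostResponse(action, params) {
  // Assumption: only absolute http(s) service URLs are valid form targets.
  const scheme = new URL(action).protocol;
  if (scheme !== "https:" && scheme !== "http:") {
    throw new Error("unsupported scheme for POST response: " + scheme);
  }
  const fields = Object.entries(params).map(([name, value]) =>
    `        <textarea rows="10" cols="80" name="${escapeHtml(name)}">` +
    `${escapeHtml(value)}</textarea>`);
  return [
    "<html>",
    '  <body onload="document.acsForm.submit();">',
    `    <form name="acsForm" action="${escapeHtml(action)}" method="post">`,
    '      <div style="display: none">',
    ...fields,
    "      </div>",
    "      <noscript>",
    "        <p>JavaScript is disabled. Click Continue to finish logging in.</p>",
    '        <input type="submit" value="Continue" />',
    "      </noscript>",
    "    </form>",
    "  </body>",
    "</html>",
  ].join("\n");
}

// Constructed sample input modelled on the ticket response quoted in the thread.
const samplePage = renderPostResponse("https://app.example.edu/webapp/login", {
  ticket: "ST-1-constructedSampleTicket-cas",
});
console.log(samplePage);
```

With JavaScript enabled the `onload` handler submits the form as before; with it disabled the browser renders the `<noscript>` content, so the user sees the message and button instead of a blank page.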
