After trying to work out the changes recommended by others but ultimately failing, I decided a compromise with CAS-1065 was appropriate.
I’ve issued pull request https://github.com/Jasig/cas/pull/321 which essentially makes the change in CAS-1065 optional. For environments where SPNEGO is the only auth type, the default of false (CAS-1065) would be suggested. For environments that need to display the login form when SPNEGO fails, setting MixedModeAuthentication to true will revert to pre-CAS-1065 logic. Misagh made a few suggestions to the comments that I’ll get cleaned up and then hopefully it will make it in 3.5.3 (and 4.0). After approval I get the go ahead, I’ll get this new property added into https://wiki.jasig.org/display/CASUM/SPNEGO. Let me know your thoughts. John From: Miguel Ángel Júlvez [mailto:ma.jul...@gmail.com] Sent: Saturday, September 21, 2013 11:37 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CAS SPNEGO headache Any news about this issue? Thx! 2013/9/10 Gasper, John <jgas...@ewu.edu<mailto:jgas...@ewu.edu>> Hey all, Unicon will trying to implement Antoni’s proposed fix, or likely something based off of it, later this week. We plan to offer a pull request for the 3.5.X branch when we get it working. John From: Miguel Ángel Júlvez [mailto:ma.jul...@gmail.com<mailto:ma.jul...@gmail.com>] Sent: Tuesday, September 10, 2013 8:14 AM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: Re: [cas-user] CAS SPNEGO headache Maybe it'll be resolved in cas 3.5.3 https://issues.jasig.org/browse/CAS-1166 ¿Any release date? Regards 2013/9/10 Miguel Ángel Júlvez <ma.jul...@gmail.com<mailto:ma.jul...@gmail.com>> Ups... in CAS 3.5.2 2013/9/10 Miguel Ángel Júlvez <ma.jul...@gmail.com<mailto:ma.jul...@gmail.com>> Same thing happens to me. When spnego fails, I get a blank white page. I don't know what to do 2013/9/9 Coffey, Christopher <ccof...@usgs.gov<mailto:ccof...@usgs.gov>> Hi Tom, I also believe I'm suffering from this issue. I'm just trying to upgrade from 3.4.11 (spnego working fine in production) to 3.5.2 and can't get the fallback login page to come up. For me if spnego fails, then I get a blank white page. I've followed this page: https://wiki.jasig.org/display/CASUM/SPNEGO , which I believe I followed last time for 3.4.11 deployment. Hope someone can help, thanks. On Mon, Sep 9, 2013 at 10:27 AM, Tom Mendenhall <tom.mendenh...@gmail.com<mailto:tom.mendenh...@gmail.com>> wrote: I am not able utilize SPNEGO with CAS (3.4.n/3.5.n). Computers/mobile devices not configured for SPNEGO or outside AD are not redirected to the fallback login form page. I get a 401 error page instead. I have been able to make it work in a dev cluster by creating a custom user-agent string and adding the string to SpnegoNegociateCredentialsAction.java. public void afterPropertiesSet() throws Exception { if (this.supportedBrowser == null) { this.supportedBrowser = new ArrayList<String>(); this.supportedBrowser.add("my-custom-string"); } Desktop support does not want to modify user-agent string in GPO because of the multiple browsers on each computer. Also every browser update resets the user-agent string. List of related SPNEGO problems. https://issues.jasig.org/browse/CAS/component/10340 Questions. Is there anyone using SPNEGO in a production environment? Did you make any modifications to the CAS source code? If so could you share your documentation? I am wondering if adding a cas entry to the local /etc/hosts file on AD computers that would redirect the browsers to a SPNEGO only host(s) in a cluster would work using maybe a LB rewrite rule? Thanks, Tom -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: ccof...@usgs.gov<mailto:ccof...@usgs.gov> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: ma.jul...@gmail.com<mailto:ma.jul...@gmail.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jgas...@ewu.edu<mailto:jgas...@ewu.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: ma.jul...@gmail.com<mailto:ma.jul...@gmail.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jgas...@ewu.edu<mailto:jgas...@ewu.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user