Carlos,

If you look at the login-webflow.xml, examine the "realSubmit"
action-state. There are a few things to notice:

1) 'on="success"' routes to sendTicketGrantingTicket, which is what kicks
off generating a new TGT then a new ST (which is where your issue is at).

2) 'on="successWithWarnings"' routes to another state that shows the
users a webpage ("hey your password is about to expire, do you want to
change it now?") but it also issues the TGT. When the user hits the
continue button on the warning page, the ST is then generated (because
this is after the user's required action, the 5-10 seconds starts here,
so no problem) and things proceed as normal.

It sounds like you want to optionally insert an additional page in the
flow. You'll want to add some new flow logic around the "serviceCheck"
decision-state or "generateServiceTicket" action-state. You'll want to
mimic the submit code found in the casLoginMessageView view to continue
the webflow properly.

---
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
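
A sketch of the extra step suggested above, as an added example that is not part of the original message or of the CAS distribution. Only the `generateServiceTicket` id and the `login-webflow.xml` file name come from the message; the state ids `extraInfoCheck`, `extraInfoForm` and `validateExtraInfo`, the bean `extraInfoAction`, the view `casExtraInfoView` and the event ids are assumptions.

```xml
<!-- Constructed fragment for login-webflow.xml (Spring Web Flow 2.x).
     Wiring: change the transition that currently leads to
     "generateServiceTicket" so that it leads to "extraInfoCheck" instead.
     At that point the TGT has been issued but no ST exists yet, so the
     time the user spends on the form does not count against the
     short ST lifetime. -->

<!-- Hypothetical action bean. check() returns the String "required" when
     the requested service needs the extra form and "skip" otherwise;
     Spring Web Flow uses a returned String as the event id. -->
<action-state id="extraInfoCheck">
    <evaluate expression="extraInfoAction.check(flowRequestContext, flowScope.service)" />
    <transition on="required" to="extraInfoForm" />
    <transition on="skip" to="generateServiceTicket" />
</action-state>

<!-- Hypothetical view. The page must post back the flow's "execution"
     key together with "_eventId=submit" so that Spring Web Flow resumes
     this flow execution rather than starting a new login. -->
<view-state id="extraInfoForm" view="casExtraInfoView">
    <transition on="submit" to="validateExtraInfo" />
</view-state>

<!-- validate() returns "success" or "error" (assumed contract). On error
     the form is shown again, still before any ST has been generated. -->
<action-state id="validateExtraInfo">
    <evaluate expression="extraInfoAction.validate(flowRequestContext, messageContext)" />
    <transition on="success" to="generateServiceTicket" />
    <transition on="error" to="extraInfoForm" />
</action-state>
```

The form is still bounded by the webflow session timeout mentioned further down the thread (5 minutes, set in web.xml).
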

On 10/25/14 1:43 PM, Carlos Olivera wrote:
> I think that's exactly what's happening in this case. Does anyone have
> any solutions? I'm thinking about changing the login process, because
> the code in the "realSubmit" action-state checks the credentials and
> if they are OK (among other things), it creates the ticket, so I won't
> be able to present a form to the user and still have a valid ticket
> afterwards.
>
> Could it be possible to step in after the ticket validation process? I
> mean, when the login webflow reaches a successful end state, it
> redirects to the client which sends the ticket back for validation, right?
>
> Thanks!
>
> On Friday, October 24, 2014 18:36:55 UTC-2, Waldbieser, Carl
> wrote:
>
>
>     If your form pops up *after* the user enters credentials but
>     *before* the user is redirected to the service, that will
>     probably cause the service ticket (ST) to expire before it can be
>     validated.  STs typically have a short lifetime (~ 5-10 seconds).
>
>     Thanks,
>     Carl Waldbieser
>     ITS System Programmer
>     Lafayette College
>
>
>     ----- Original Message -----
>     From: "Carlos Olivera" <carlosr...@gmail.com>
>     To: cas-...@lists.jasig.org
>     Cc: cas-...@lists.jasig.org, cas-...@lists.jasig.org, mmoa...@unicon.net
>     Sent: Friday, October 24, 2014 4:00:08 PM
>     Subject: Re: [cas-user] CAS Server 4.0 Login webflow
>
>     I run some tests and I see the following message in the log:
>
>     ACTION: SERVICE_TICKET_VALIDATE_FAILED
>
>     Could be something related to SAML ticket validation? I think
>     there's a time issue in those cases, isn't there?
>
>     On Friday, October 24, 2014 17:41:55 UTC-2, Misagh Moayyed
>     wrote:
>     >
>     > I can't comment exactly on the source of your issue, but the webflow
>     > session (the CAS app session really) has a timeout of 5 minutes,
>     > set in the web.xml file.
>     >
>     >  
>     >
>     > *From:* Carlos Olivera [mailto:carlosr...@gmail.com]
>     > *Sent:* Friday, October 24, 2014 12:16 PM
>     > *To:* cas-...@lists.jasig.org
>     > *Subject:* [cas-user] CAS Server 4.0 Login webflow
>     >
>     >  
>     >
>     > Hi everyone, I have a doubt about the login process, I don't fully
>     > understand how it all works, I don't have experience in spring
>     > webflow, but I manage to solve my problems by googling or copying
>     > ideas from existing code. I tried to step in, in the middle of the
>     > flow, before the redirect to be precise. In some cases I need to
>     > display a form with some fields, validate it and continue the
>     > login process if everything is OK, but I think there is a timeout
>     > (a little one) that expires when I take too long to complete the
>     > form (around 30 seconds). Then, when I decide to submit the form,
>     > I get this error:
>     >
>     >  
>     > Estado HTTP 403 - No assertions found.
>     > ------------------------------
>     >
>     > *type* Informe de estado
>     >
>     > *mensaje* *No assertions found.*
>     >
>     > *descripción* *El acceso al recurso especificado (No assertions found.)
>     > ha sido prohibido.*
>     > ------------------------------
>     > JBoss Web/7.0.13.Final
>     >
>     >  
>     >
>     > Is there a timeout somewhere that erases the webflow session (I'm
>     > not sure if webflow session is the right term)?
>     >
>     > Any ideas where I should interrupt the webflow process to present
>     > the form (depends on the service, so I need to know which service
>     > the user is accessing), collect the necessary data and continue to
>     > the rest of the login?
>     >
>     >  
>     >
>     > Thanks in advance!
>     >
>     >  
>     >
>     > --
>     >
>     > You are currently subscribed to cas-...@lists.jasig.org as: mmoa...@unicon.net
>     >
>     > To unsubscribe, change settings or access archives, see
>     > http://www.ja-sig.org/wiki/display/JSG/cas-user