[cas-dev] IE6 SP1 went to infinite redirection while redirecting from cas server to cas client, credentials asked twice for idle loginpage

Lekhnath Bhusal lbhusal at d2hawkeye.com
Fri Dec 5 11:36:15 EST 2008 

I am really thankful to this prompt response. Regarding my configuration 
detail, I am using cas-server-3.2.1 and cas-client-3.1.3. Due to some of 
the issues with our version compatibility with the product, I have 
changed the client part slightly to support java version 1.4.
 The infinite redirection problem after login does not occur in firefox 
as far as I am aware and does not occur in other versions of IE (except 
for IE6 Sp1) as well. Let me detail this problem some more..
   When I browse to productA it redirects to CAS server. I provide my 
credentials there. Then the browser keeps showing the same page. When I 
look in the console of productA, it is displaying the following message 
in an infinite loop.
/No Proxy Ticket found for
/I am not using any proxy service so I think this message is 
appropriate. Now, if I stop this loop and hit productA in the same 
browser instance it can display productA's landing page. This shows that 
Browser is not being able to render the productA's landing page while 
redirecting from the CAS server.
The first problem I mentioned is the problem of infinite redirection 
before login- if I add a  view to default-views.properties. This occurs 
in any browser. This problem actually occurs before displaying the login 
view. My view parameter is resolved like this:
    <view-state id="interActiveLogin"
        view="${externalContext.requestParameterMap['view'] != '' 
&amp;&amp; externalContext.requestParameterMap['view']!=null ? 
externalContext.requestParameterMap['view'] : 'casLoginView'}">
Is there any limitation in ResourceBundleViewResolver or I am missing 
something in configuration?
Regards,
Lekhnath
Scott Battaglia wrote:
> My guess would be that the client application is failing to show an 
> error message if it can't correctly validate the ticket and instead 
> just redirecting to the CAS server.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Dec 5, 2008 at 8:41 AM, Robert Oschwald 
> <robertoschwald at yahoo.de <mailto:robertoschwald at yahoo.de>> wrote:
>
>     I bet this is a ssl certificate issue.
>
>     Please check whether the ssl cert is trusted by the jre. If not, add
>     it to the keystore.
>     See the casum wiki for details.
>
>     Robert
>
>     Am 05.12.2008 um 14:26 schrieb Andrew Feller:
>
>     > Lekhnath,
>     >
>     > 1. What is your setup?  Which version of the CAS Server and
>     which CAS
>     > client?  Does this only happen in IE6?  What about Firefox?
>     >
>     > 2. Could you diagram the HTTP activity in the endless loop? (e.g. /
>     > login w/
>     > view A => ...)
>     >
>     > 3. The CAS server is configured with a 5 minute session timeout in
>     > web.xml.
>     > You would either need to extend this timeout or say it is an
>     > acceptable
>     > loss.
>     >
>     > As far as the endless loop is concerned, I believe there is
>     probably a
>     > misconfiguration where there CAS client you are using to protect
>     your
>     > application is not seeing the service ticket provided by the CAS
>     > server.  It
>     > would help if you could give us more.
>     >
>     > If you want an easy way to recording what is going on when you do
>     > this, use
>     > FireFox and the "Live HTTP Headers" add-on.  This will allow you to
>     > capture
>     > all HTTP requests made so they can be analyzed.
>     >
>     > HTH,
>     > A-
>     >
>     > On 12/5/08 5:46 AM, "Lekhnath Bhusal" <lbhusal at d2hawkeye.com
>     <mailto:lbhusal at d2hawkeye.com>> wrote:
>     >
>     >> Hello team,
>     >> I am working on to integrate three products in our product line to
>     >> centrally authenticate through CAS. I changed the login page that
>     >> JASIG
>     >> provides by default and customize it. The list of issues are
>     >> 1. I use request parameter 'view' to dynamically use different
>     login
>     >> view for different product line. Now, when I add more views to
>     >> default_views.properties file the request goes to infinite
>     >> redirection loop.
>     >> 2.If I leave the login page idle for some time (5 minutes or more),
>     >> then
>     >> I have to enter my credentials twice. i.e. when I enter
>     userName and
>     >> password first time no response occurs just the username and
>     password
>     >> fields are reset and I have to re-enter the credentials and this
>     >> time I
>     >> am successfully authenticated.
>     >> 3. In IE6 Service pack 1, when I browse to a product it
>     redirects to
>     >> login server where I provide my credentials. After that the
>     >> application
>     >> redirects to the requested product and runs in an infinite loop in
>     >> the
>     >> product side. While it is looping if I provide the url directly
>     >> then the
>     >> product page is seen. This shows that in IE 6 SP1 CAS server
>     >> authenticates the user but after redirecting to the product the
>     >> browser
>     >> can not open the product page.
>     >> I need your help in this regard.
>     >> Regards,
>     >> Lekhnath
>     >>
>     >>
>     >>
>     >> PRIVACY NOTICE
>     >>
>     >> This email and any attachments may be confidential and/or
>     >> privileged. Use of
>     >> the information contained in this email by anyone other than the
>     >> intended
>     >> recipient is strictly prohibited. If you have received this email
>     >> in error,
>     >> please notify the sender by replying to this message and delete
>     >> this email.
>     >> _______________________________________________
>     >> cas-dev mailing list
>     >> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>     >> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>     >
>     > _______________________________________________
>     > cas-dev mailing list
>     > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>     > http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
>     _______________________________________________
>     cas-dev mailing list
>     cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>     http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>   

 
PRIVACY NOTICE

This email and any attachments may be confidential and/or privileged. Use of the information contained in this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and delete this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20081205/36d19873/attachment.html

More information about the cas-dev mailing list