[cas-dev] IE6 SP1 went to infinite redirection while redirecting from cas server to cas client, credentials asked twice for idle loginpage
Lekhnath Bhusal
lbhusal at d2hawkeye.com
Sat Dec 6 02:10:13 EST 2008
Previously it worked well. When I add few more views it started
redirecting infinitely. Now it does not work if I add any new view
without that customization also.
Scott Battaglia wrote:
> Does it work if you remove that customization?
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Dec 5, 2008 at 11:36 AM, Lekhnath Bhusal
> <lbhusal at d2hawkeye.com <mailto:lbhusal at d2hawkeye.com>> wrote:
>
>
> I am really thankful to this prompt response. Regarding my
> configuration detail, I am using cas-server-3.2.1 and
> cas-client-3.1.3. Due to some of the issues with our version
> compatibility with the product, I have changed the client part
> slightly to support java version 1.4.
> The infinite redirection problem after login does not occur in
> firefox as far as I am aware and does not occur in other versions
> of IE (except for IE6 Sp1) as well. Let me detail this problem
> some more..
> When I browse to productA it redirects to CAS server. I provide
> my credentials there. Then the browser keeps showing the same
> page. When I look in the console of productA, it is displaying the
> following message in an infinite loop.
> /No Proxy Ticket found for
> /I am not using any proxy service so I think this message is
> appropriate. Now, if I stop this loop and hit productA in the same
> browser instance it can display productA's landing page. This
> shows that Browser is not being able to render the productA's
> landing page while redirecting from the CAS server.
> The first problem I mentioned is the problem of infinite
> redirection before login- if I add a view to
> default-views.properties. This occurs in any browser. This problem
> actually occurs before displaying the login view. My view
> parameter is resolved like this:
> <view-state id="interActiveLogin"
> view="${externalContext.requestParameterMap['view'] != ''
> && externalContext.requestParameterMap['view']!=null ?
> externalContext.requestParameterMap['view'] : 'casLoginView'}">
> Is there any limitation in ResourceBundleViewResolver or I am
> missing something in configuration?
> Regards,
> Lekhnath
> Scott Battaglia wrote:
>> My guess would be that the client application is failing to show
>> an error message if it can't correctly validate the ticket and
>> instead just redirecting to the CAS server.
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>> On Fri, Dec 5, 2008 at 8:41 AM, Robert Oschwald
>> <robertoschwald at yahoo.de <mailto:robertoschwald at yahoo.de>> wrote:
>>
>> I bet this is a ssl certificate issue.
>>
>> Please check whether the ssl cert is trusted by the jre. If
>> not, add
>> it to the keystore.
>> See the casum wiki for details.
>>
>> Robert
>>
>> Am 05.12.2008 um 14:26 schrieb Andrew Feller:
>>
>> > Lekhnath,
>> >
>> > 1. What is your setup? Which version of the CAS Server and
>> which CAS
>> > client? Does this only happen in IE6? What about Firefox?
>> >
>> > 2. Could you diagram the HTTP activity in the endless loop?
>> (e.g. /
>> > login w/
>> > view A => ...)
>> >
>> > 3. The CAS server is configured with a 5 minute session
>> timeout in
>> > web.xml.
>> > You would either need to extend this timeout or say it is an
>> > acceptable
>> > loss.
>> >
>> > As far as the endless loop is concerned, I believe there is
>> probably a
>> > misconfiguration where there CAS client you are using to
>> protect your
>> > application is not seeing the service ticket provided by
>> the CAS
>> > server. It
>> > would help if you could give us more.
>> >
>> > If you want an easy way to recording what is going on when
>> you do
>> > this, use
>> > FireFox and the "Live HTTP Headers" add-on. This will
>> allow you to
>> > capture
>> > all HTTP requests made so they can be analyzed.
>> >
>> > HTH,
>> > A-
>> >
>> > On 12/5/08 5:46 AM, "Lekhnath Bhusal"
>> <lbhusal at d2hawkeye.com <mailto:lbhusal at d2hawkeye.com>> wrote:
>> >
>> >> Hello team,
>> >> I am working on to integrate three products in our product
>> line to
>> >> centrally authenticate through CAS. I changed the login
>> page that
>> >> JASIG
>> >> provides by default and customize it. The list of issues are
>> >> 1. I use request parameter 'view' to dynamically use
>> different login
>> >> view for different product line. Now, when I add more views to
>> >> default_views.properties file the request goes to infinite
>> >> redirection loop.
>> >> 2.If I leave the login page idle for some time (5 minutes
>> or more),
>> >> then
>> >> I have to enter my credentials twice. i.e. when I enter
>> userName and
>> >> password first time no response occurs just the username
>> and password
>> >> fields are reset and I have to re-enter the credentials
>> and this
>> >> time I
>> >> am successfully authenticated.
>> >> 3. In IE6 Service pack 1, when I browse to a product it
>> redirects to
>> >> login server where I provide my credentials. After that the
>> >> application
>> >> redirects to the requested product and runs in an infinite
>> loop in
>> >> the
>> >> product side. While it is looping if I provide the url
>> directly
>> >> then the
>> >> product page is seen. This shows that in IE 6 SP1 CAS server
>> >> authenticates the user but after redirecting to the
>> product the
>> >> browser
>> >> can not open the product page.
>> >> I need your help in this regard.
>> >> Regards,
>> >> Lekhnath
>> >>
>> >>
>> >>
>> >> PRIVACY NOTICE
>> >>
>> >> This email and any attachments may be confidential and/or
>> >> privileged. Use of
>> >> the information contained in this email by anyone other
>> than the
>> >> intended
>> >> recipient is strictly prohibited. If you have received
>> this email
>> >> in error,
>> >> please notify the sender by replying to this message and
>> delete
>> >> this email.
>> >> _______________________________________________
>> >> cas-dev mailing list
>> >> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>> >> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>> >
>> > _______________________________________________
>> > cas-dev mailing list
>> > cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
>>
>>
>> _______________________________________________
>> cas-dev mailing list
>> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>>
>>
>>
>> _______________________________________________ cas-dev mailing
>> list cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
>
> PRIVACY NOTICE
>
> This email and any attachments may be confidential and/or
> privileged. Use of the information contained in this email by
> anyone other than the intended recipient is strictly prohibited.
> If you have received this email in error, please notify the sender
> by replying to this message and delete this email.
>
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20081206/b469be74/attachment.html
More information about the cas-dev
mailing list