[cas-dev] IE6 SP1 went to infinite redirection while redirecting from cas server to cas client, credentials asked twice for idle loginpage
Lekhnath Bhusal
lbhusal at d2hawkeye.com
Sat Dec 6 07:17:46 EST 2008
Regarding the infinite redirection in IE6, does the order of filter
evaluation make this? My evaluation order for the filters is as follows:
CAS Single Sign Out Filter, CAS Filter (Authentication
filter), Cas10TicketValidationFilter (ticket validation
filter), AssertionThreadLocalFilter.
Lekhnath Bhusal wrote:
> Previously it worked well. When I added a few more views it started
> redirecting infinitely. Now it does not work if I add any new view
> without that customization also.
>
> Scott Battaglia wrote:
>> Does it work if you remove that customization?
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>> On Fri, Dec 5, 2008 at 11:36 AM, Lekhnath Bhusal
>> <lbhusal at d2hawkeye.com> wrote:
>>
>>
>> I am really thankful for this prompt response. Regarding my
>> configuration detail, I am using cas-server-3.2.1 and
>> cas-client-3.1.3. Due to some of the issues with our version
>> compatibility with the product, I have changed the client part
>> slightly to support Java version 1.4.
>> The infinite redirection problem after login does not occur in
>> Firefox as far as I am aware and does not occur in other versions
>> of IE (except for IE6 SP1) as well. Let me detail this problem
>> some more.
>> When I browse to productA it redirects to CAS server. I
>> provide my credentials there. Then the browser keeps showing the
>> same page. When I look in the console of productA, it is
>> displaying the following message in an infinite loop.
>> No Proxy Ticket found for
>> I am not using any proxy service so I think this message is
>> appropriate. Now, if I stop this loop and hit productA in the
>> same browser instance it can display productA's landing page.
>> This shows that the browser is not able to render
>> productA's landing page while redirecting from the CAS server.
>> The first problem I mentioned is the problem of infinite
>> redirection before login, if I add a view to
>> default-views.properties. This occurs in any browser. This
>> problem actually occurs before displaying the login view. My view
>> parameter is resolved like this:
>> <view-state id="interActiveLogin"
>> view="${externalContext.requestParameterMap['view'] != ''
>> && externalContext.requestParameterMap['view']!=null ?
>> externalContext.requestParameterMap['view'] : 'casLoginView'}">
>> Is there any limitation in ResourceBundleViewResolver, or am I
>> missing something in the configuration?
>> Regards,
>> Lekhnath
>> Scott Battaglia wrote:
>>> My guess would be that the client application is failing to show
>>> an error message if it can't correctly validate the ticket and
>>> instead just redirecting to the CAS server.
>>>
>>> -Scott
>>>
>>>
>>> On Fri, Dec 5, 2008 at 8:41 AM, Robert Oschwald
>>> <robertoschwald at yahoo.de> wrote:
>>>
>>> I bet this is an SSL certificate issue.
>>>
>>> Please check whether the SSL cert is trusted by the JRE. If not, add
>>> it to the keystore.
>>> See the casum wiki for details.
>>>
>>> Robert
>>>
>>> On 05.12.2008 at 14:26, Andrew Feller wrote:
>>>
>>> > Lekhnath,
>>> >
>>> > 1. What is your setup? Which version of the CAS Server and which CAS
>>> > client? Does this only happen in IE6? What about Firefox?
>>> >
>>> > 2. Could you diagram the HTTP activity in the endless loop? (e.g.
>>> > /login w/ view A => ...)
>>> >
>>> > 3. The CAS server is configured with a 5 minute session timeout in
>>> > web.xml. You would either need to extend this timeout or say it is an
>>> > acceptable loss.
>>> >
>>> > As far as the endless loop is concerned, I believe there is probably a
>>> > misconfiguration where the CAS client you are using to protect your
>>> > application is not seeing the service ticket provided by the CAS
>>> > server. It would help if you could give us more.
>>> >
>>> > If you want an easy way to record what is going on when you do this,
>>> > use Firefox and the "Live HTTP Headers" add-on. This will allow you to
>>> > capture all HTTP requests made so they can be analyzed.
>>> >
>>> > HTH,
>>> > A-
>>> >
>>> > On 12/5/08 5:46 AM, "Lekhnath Bhusal"
>>> > <lbhusal at d2hawkeye.com> wrote:
>>> >
>>> >> Hello team,
>>> >> I am working to integrate three products in our product line to
>>> >> centrally authenticate through CAS. I changed the login page that
>>> >> JASIG provides by default and customized it. The list of issues is:
>>> >> 1. I use the request parameter 'view' to dynamically use a different
>>> >> login view for different product lines. Now, when I add more views to
>>> >> the default_views.properties file the request goes into an infinite
>>> >> redirection loop.
>>> >> 2. If I leave the login page idle for some time (5 minutes or more),
>>> >> then I have to enter my credentials twice, i.e. when I enter userName
>>> >> and password the first time no response occurs, just the username and
>>> >> password fields are reset, and I have to re-enter the credentials, and
>>> >> this time I am successfully authenticated.
>>> >> 3. In IE6 Service Pack 1, when I browse to a product it redirects to
>>> >> the login server where I provide my credentials. After that the
>>> >> application redirects to the requested product and runs in an infinite
>>> >> loop on the product side. While it is looping, if I provide the URL
>>> >> directly then the product page is seen. This shows that in IE 6 SP1
>>> >> the CAS server authenticates the user but after redirecting to the
>>> >> product the browser cannot open the product page.
>>> >> I need your help in this regard.
>>> >> Regards,
>>> >> Lekhnath
>>> >>
>>> >>
>>> >>
>>> >> PRIVACY NOTICE
>>> >>
>>> >> This email and any attachments may be confidential and/or
>>> >> privileged. Use of
>>> >> the information contained in this email by anyone other
>>> than the
>>> >> intended
>>> >> recipient is strictly prohibited. If you have received
>>> this email
>>> >> in error,
>>> >> please notify the sender by replying to this message and
>>> delete
>>> >> this email.
>>> >> _______________________________________________
>>> >> cas-dev mailing list
>>> >> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
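Added example, not part of the original thread and not CAS project code: a small Python classifier for a captured request trace of the kind requested earlier in the thread. It separates a loop in which the client receives a service ticket but still redirects to the CAS login from one in which no ticket ever reaches the client. The hosts, paths, ticket values and trace entries are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed placeholders; not hosts or tickets from the thread.
CAS_LOGIN = "https://cas.example.org/cas/login"
APP = "http://app.example.org/productA/"
TO_CAS = CAS_LOGIN + "?service=http%3A%2F%2Fapp.example.org%2FproductA%2F"

# Each entry: (requested URL, response status, Location header or None).
LOOPING_TRACE = [
    (APP, 302, TO_CAS),
    (TO_CAS, 302, APP + "?ticket=ST-1-constructed"),
    (APP + "?ticket=ST-1-constructed", 302, TO_CAS),
    (TO_CAS, 302, APP + "?ticket=ST-2-constructed"),
    (APP + "?ticket=ST-2-constructed", 302, TO_CAS),
]
HEALTHY_TRACE = [
    (APP, 302, TO_CAS),
    (TO_CAS, 302, APP + "?ticket=ST-3-constructed"),
    (APP + "?ticket=ST-3-constructed", 200, None),
]
# The ticket parameter never arrives at the client application.
STRIPPED_TRACE = [(APP, 302, TO_CAS), (TO_CAS, 302, APP), (APP, 302, TO_CAS)]


def _is_cas_login(url):
    """True when url points at the CAS login endpoint (query string ignored)."""
    u, c = urlsplit(url), urlsplit(CAS_LOGIN)
    return (u.scheme, u.netloc, u.path) == (c.scheme, c.netloc, c.path)


def classify(trace):
    """Return 'ok', 'ticket-rejected-loop' or 'no-ticket-loop' for a trace."""
    with_ticket = without_ticket = 0
    for url, status, location in trace:
        if _is_cas_login(url):
            continue  # this response came from the CAS server, not the client
        if status not in (301, 302, 303, 307) or not location:
            continue
        if not _is_cas_login(location):
            continue
        # The client application sent the browser to the CAS login page.
        if "ticket" in parse_qs(urlsplit(url).query):
            with_ticket += 1
        else:
            without_ticket += 1
    if with_ticket >= 2:
        return "ticket-rejected-loop"
    # A single ticketless redirect is the normal start of a login.
    if without_ticket >= 2:
        return "no-ticket-loop"
    return "ok"
```

A `ticket-rejected-loop` result points the investigation at ticket validation on the client side (service URL mismatch, certificate trust, filter configuration), while `no-ticket-loop` points at the redirect back from the CAS server.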