Hi, community

We are using CAS as an SP (using pac4j) and delegating the authentication 
to an IdP.
We have this configured: cas.authn.pac4j.autoRedirect=true
so the flow will not stop at the CAS login page.
We are using CAS 5.1.8

So the flow is:
A user clicks a CAS client, is redirected to CAS, then is redirected to the 
IdP for login.
After successfully logging in to the IdP, the user is (or should be) 
redirected to the CAS client.

We have it working, but randomly the user ends up at the CAS successful 
login page (which confuses the user).

CAS redirected the user to send an AuthnRequest to the IdP:
<saml2p:AuthnRequest AssertionConsumerServiceURL="https://my.edu/cas/login?client_name=SAML2Client"
                     Destination="https://my.edu/sso/SSORedirect/metaAlias/usfca-sb/idp"
                     ForceAuthn="false"
                     ID="_fv6mluvdxnozugdvd9fielq8xpjiuf87bujvcep"
                     IsPassive="false"
                     IssueInstant="2018-03-29T19:46:56.082Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     ProviderName="pac4j-saml"
                     Version="2.0"
                     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://my.edu/cas-sp</saml2:Issuer>
</saml2p:AuthnRequest>
 
with a RelayState: https://my.edu/cas/login?client_name=SAML2Client (same 
as ACS)

The IdP redirected the user (browser) to POST an AuthnResponse back to CAS at 
https://my.edu/cas/login?client_name=SAML2Client (ACS)

At this point:

   1. Sometimes the browser receives a 302 response code with Location: 
   CAS-Client/apps/?ticket=ST-30-FOAfm3AOLbQLshnIdyZd-ip-10-255-0-10, 
   so the CAS client validates the ticket with the CAS server and the user 
   ends up at the CAS client landing page.
   2. Sometimes the browser receives a 200 response code and therefore stays 
   at this URL, https://my.edu/cas/login?client_name=SAML2Client, and displays 
   the CAS successful login page, which we don't want. Reading further, I found 
   that at this point the CAS client didn't establish an SSO session yet.

Any help and/or pointers are appreciated.

Thanks in advance,

Thai Nguyen

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0202593-d900-414e-8605-be0c5f065644%40apereo.org.
