Hi Andy,
I found the same problem migrating from 5.2 to 5.3. For me, the redirect after
consent was to {cas.url}/{SAML-Service-ID}. I haven’t looked into it yet, but
there might be some confusion evaluating the correct callback endpoint. Notice
that after consent, the request will go to the internal callback service,
including a CAS ticket. Consent has the problem of handling consent for the
SAML-service, which is a different attribute than the service redirected to.
These should be two different flow attributes.
Regards,
Arnold
From: [email protected] [mailto:[email protected]] On Behalf Of Andy Ng
Sent: Monday, 19 November 2018 09:51
To: CAS Community <[email protected]>
Subject: [cas-user] CAS 5.3.x [SAML] + [Attribute Consent] seems not working +
my workaround
Hi all,
I have been testing [SAML] + [Attribute Consent] behavior, and I found that it
works on CAS 5.2.x but does not work on CAS 5.3.x by default.
CAS 5.2.x Behavior:
1. Initialized Login with SAML
2. Login
3. Show attribute consent page
4. Click confirm (With consent set to Attribute Name and save for 30 seconds)
5. Continue with SAML flow
6. Login Success
CAS 5.3.x Behavior:
1. Initialized Login with SAML
2. Login
3. Show attribute consent page
4. Click confirm (With consent set to Attribute Name and save for 30 seconds)
5. Failed to continue SAML flow, it will instead go to the service with a
ticket param (e.g. if service is https://www.example.com/saml, it returned
https://www.example.com/saml?ticket=ST-ASDASDASD)
6. Reinitialize login with SAML / Refresh the page
7. Login Success
A workaround I found that makes CAS 5.3.x also work:
I currently need to do the following to make it work.
- There is a POST form in the casConsentView.html; normally, pressing the submit
button will submit the form.
- Instead of form submit, I changed it to an async POST using JavaScript
- Then, I follow up with a page refresh, so now it is like reinitializing the
SAML flow
- Hence the redirect after consent will be executed
My CAS is filled with other legacy customizations, so I reckon it might be only
my problem, but if anybody else has also faced this problem and / or knows how
to fix this, then it would be wonderful, thanks!
Cheers!
- Andy
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/801c6665-52dc-4814-a14b-bea5cb005773%40apereo.org.
