Hi Arnold,
Thanks for the information!
My CAS is setup for everything return pretty much the same returned
attributes, so I didn't notice the different in attributes returned.
> there might be some confusion evaluating the correct callback endpoint
Yes I thought so. If I have time I will go ahead and find what's wrong with
the code, otherwise I might just settles for some lousy code for now...
Cheers!
- Andy
On Monday, 19 November 2018 18:46:01 UTC+8, Bergner, Arnold wrote:
>
> Hi Andy,
>
>
>
> I found the same problem migrating from 5.2 to 5.3. For me, the redirect
> after consent was to {cas.url}/{SAML-Service-ID}. I haven’t looked into it
> yet, but there might be some confusion evaluating the correct callback
> endpoint. Notice that after consent, the request will go to the internal
> callback service, including a cas ticket. Consent has the problem of
> handling consent for the SAML-service, which is a different attribute than
> the service redirected to. These should be two different flow attributes.
>
>
>
> Regards,
>
> Arnold
>
>
>
> *Von:* [email protected] <javascript:> [mailto:[email protected]
> <javascript:>] *Im Auftrag von *Andy Ng
> *Gesendet:* Montag, 19. November 2018 09:51
> *An:* CAS Community <[email protected] <javascript:>>
> *Betreff:* [cas-user] CAS 5.3.x [SAML] + [Attribute Consent] seems not
> working + my workaround
>
>
>
> Hi all,
>
>
>
> I have been testing [*SAML*] + [*Attribute Consent*] behavior, and I
> found that it works on CAS 5.2.x but *not working* on CAS 5.3.x by
> default.
>
>
>
> *CAS 5.2.x Behavior:*
> 1. Initialized Login with SAML
> 2. Login
> 3. Show attribute consent page
>
> 4. Click confirm (With consent set to Attribute Name and save for 30
> seconds)
> 5. Continue with SAML flow
> 6. Login Success
>
> *CAS 5.3.x Behavior:*
> 1. Initialized Login with SAML
>
> 2. Login
>
> 3. Show attribute consent page
>
> 4. Click confirm (With consent set to Attribute Name and save for 30
> seconds)
> 5. Failed to continue SAML flow, it will instead go to the service with a
> ticket param (e.g. if service is https://www.example.com/saml, it have
> returned https://www.example.com/saml*?ticket=ST-ASDASDASD*
> <https://www.example.com/saml?ticket=ST-ASDASDASD>)
> 6. Reinitilzed login with SAML / Refresh the page
> 7. Login Success
>
> *A workaround I found that will make CAS 5.3.x also worked:*
>
> I currently need to do the following to make it worked.
>
> - There is a post form in the casConsentView.html, normally, pressing
> submit button will submit the form.
>
> - *Instead of form submit, I change it to async post using javascript*
>
> - Then, I *follow up with a page refresh*, so now it is like
> reinitialized the SAML flow
>
> - Hence redirect to after consent will be executed
>
>
>
>
>
> My CAS is fill with other legacy customization so I reckon it might be my
> only problem, but if anybody else also faced this problem and / or know how
> to fix this,
>
> then it would be wonderful, thanks!
>
>
>
> Cheers!
>
> - Andy
>
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/801c6665-52dc-4814-a14b-bea5cb005773%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/801c6665-52dc-4814-a14b-bea5cb005773%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2a81732c-f463-4a36-afe6-26a60d4e5c39%40apereo.org.
