Hi Arnold and all,

I have found the bug and submitted the PR, thanks for the information!

For the bug details see: https://github.com/apereo/cas/pull/3664

Cheers!
- Andy

On Monday, 19 November 2018 18:46:01 UTC+8, Bergner, Arnold wrote:
> Hi Andy,
>
> I found the same problem migrating from 5.2 to 5.3. For me, the redirect after consent was to {cas.url}/{SAML-Service-ID}. I haven’t looked into it yet, but there might be some confusion evaluating the correct callback endpoint. Notice that after consent, the request will go to the internal callback service, including a cas ticket. Consent has the problem of handling consent for the SAML-service, which is a different attribute than the service redirected to. These should be two different flow attributes.
>
> Regards,
> Arnold
>
> *From:* [email protected] [mailto:[email protected]] *On behalf of* Andy Ng
> *Sent:* Monday, 19 November 2018 09:51
> *To:* CAS Community <[email protected]>
> *Subject:* [cas-user] CAS 5.3.x [SAML] + [Attribute Consent] seems not working + my workaround
>
> Hi all,
>
> I have been testing [*SAML*] + [*Attribute Consent*] behavior, and I found that it works on CAS 5.2.x but is *not working* on CAS 5.3.x by default.
>
> *CAS 5.2.x Behavior:*
> 1. Initialized Login with SAML
> 2. Login
> 3. Show attribute consent page
> 4. Click confirm (With consent set to Attribute Name and save for 30 seconds)
> 5. Continue with SAML flow
> 6. Login Success
>
> *CAS 5.3.x Behavior:*
> 1. Initialized Login with SAML
> 2. Login
> 3. Show attribute consent page
> 4. Click confirm (With consent set to Attribute Name and save for 30 seconds)
> 5. Failed to continue SAML flow, it will instead go to the service with a ticket param (e.g. if service is https://www.example.com/saml, it has returned https://www.example.com/saml*?ticket=ST-ASDASDASD*)
> 6. Reinitialized login with SAML / Refresh the page
> 7. Login Success
>
> *A workaround I found that will make CAS 5.3.x also work:*
>
> I currently need to do the following to make it work.
>
> - There is a post form in the casConsentView.html, normally, pressing submit button will submit the form.
> - *Instead of form submit, I change it to async post using javascript*
> - Then, I *follow up with a page refresh*, so now it is like reinitialized the SAML flow
> - Hence redirect to after consent will be executed
>
> My CAS is filled with other legacy customization so I reckon it might be my only problem, but if anybody else also faced this problem and / or knows how to fix this, then it would be wonderful, thanks!
>
> Cheers!
> - Andy

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0fdd8552-9da5-48b6-88a6-209b3f9fe1bd%40apereo.org.
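
The workaround described in the quoted message (an async POST of the consent form followed by a page refresh), sketched as an added example; it is not code from the post or from the CAS project. The form id `consentForm`, the two function names and the `env` object are hypothetical, and nothing is assumed about the field names in the real `casConsentView.html`.

```javascript
// Added illustration of the workaround in the thread; not CAS project code.
// Hypothetical names: the form id "consentForm", both functions, the `env` object.

// Turn the consent form's name/value pairs into a background POST request.
// `entries` is any iterable of [name, value] pairs; in a browser, a FormData.
function buildConsentPost(action, entries) {
  const body = new URLSearchParams();
  for (const [name, value] of entries) {
    if (typeof value === "string") body.append(name, value); // skip file inputs
  }
  return {
    url: action,
    init: {
      method: "POST",
      credentials: "same-origin", // keep the CAS session cookies on the request
      redirect: "manual", // choice made here: do not chase the post-consent redirect
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// POST the consent decision, then reload the page whether or not the POST
// succeeded. Resolves to true when the POST was sent without a network error.
async function submitConsentThenReload(form, env) {
  const { url, init } = buildConsentPost(form.action, env.entries(form));
  let posted = true;
  try {
    await env.fetch(url, init);
  } catch (err) {
    posted = false;
  }
  env.reload();
  return posted;
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== "undefined") {
  const form = document.getElementById("consentForm"); // hypothetical id
  if (form) {
    form.addEventListener("submit", (ev) => {
      ev.preventDefault(); // replace the normal form submit
      submitConsentThenReload(form, {
        // pass the clicked button so its name/value is included in the POST
        entries: (f) => new FormData(f, ev.submitter),
        fetch: (u, i) => fetch(u, i),
        reload: () => window.location.reload(),
      });
    });
  }
}
```

Building the body from the form's own fields keeps any hidden flow fields the server rendered into the form, so the background POST carries the same data a normal submit would.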
