I am also facing the same issue. I am using OKTA as authenticator so when I try to login and the browser redirects to okta login page, if I wait 2 minutes and then provide my credentials, then the JSESSION changes resulting in loosing the destination service and redirecting to cas default page. If I provide immediate the credentials, then there is no issue.
I am using cas 5.2.9 and Tomcat/8.5.35 Do you recommend to upgrade tomcat? Can I do it by keeping the same cas version? On Sunday, March 28, 2021 at 6:20:58 PM UTC+3 [email protected] wrote: > Hi Andy, your idea of using the Chrome throttling, somehow led us to the > idea of "could it be a Tomcat issue?". Then we tested with an embedded one > we had and the issue did not occur, and it was a newer version. Next step > was to update the older Tomcat and that's it! > > El domingo, 28 de marzo de 2021 a las 0:25:56 UTC-3, Andy Ng escribió: > >> Hello, >> >> Nice to hear that the Chrome throttling idea leader to new discovery. >> >> It seems like this post might describe your issue: >> https://support.f5.com/csp/article/K85361055 >> >> It specifically said upgrading to at least 9.0.34 or above can solve the >> issue, so that's excluding your previous 9.0.33 which is possible why it >> have the issue. >> >> Cheers, >> Andy >> >> On Saturday, 27 March 2021 at 07:12:00 UTC+8 [email protected] wrote: >> >>> Finally after doing some research we updated the Tomcat from v9.0.33 to >>> 9.0.43 and the issue seems to be solved. At least we tested with one >>> particular user that was having this problem almost all the time, and with >>> the Chrome throttling and we couldn't reproduce it again. >>> >>> El viernes, 26 de marzo de 2021 a las 11:27:15 UTC-3, Nicolás López >>> escribió: >>> >>>> Additional information: using the Chrome throttling, with a custom >>>> profile entering ANY value for the upload speed (even 100Mb) the issue can >>>> be reproduced. >>>> >>>> Can anybody please test if it happens under this scenario? >>>> >>>> El viernes, 26 de marzo de 2021 a las 10:19:48 UTC-3, Nicolás López >>>> escribió: >>>> >>>>> If I use the 3G throttling in Chrome for log in I can reproduce the >>>>> issue consistently...now what should I do with this information? :D >>>>> Using firefox, even with the GPRS profile it logs in without any >>>>> problem. >>>>> >>>>> With the throttling you can just set upload/download max speed and >>>>> latency, it looks so wierd. >>>>> >>>>> >>>>> El viernes, 26 de marzo de 2021 a las 7:01:39 UTC-3, Andy Ng escribió: >>>>> >>>>>> Hi all, >>>>>> >>>>>> I think I also am running out of idea, let see if the following would >>>>>> help identify the issue: >>>>>> >>>>>> >>>>>> 1. Would it be your firewall blocking other browser but allow >>>>>> only Firefox? >>>>>> - You said using 4G will work but Wifi will not work. Usually >>>>>> company firewall only block Wifi and not 4G, so it is a possible >>>>>> issue >>>>>> 2. CAS server and client need to have communication between them, >>>>>> good to take a look see if that is ok >>>>>> 3. Would there be a special proxy in firefox that make it a >>>>>> different browser than Chrome / Edge >>>>>> - it is normal for me to forget to turn of proxy for Firefox >>>>>> after use, maybe it is the same issue as well >>>>>> 4. If network is involved, Chrome does have a Network speed >>>>>> throttle feature, which might or might not be helpful: >>>>>> 1. Open Chome, >>>>>> 2. Press F12, >>>>>> 3. Click on "No throttling" >>>>>> 4. Select Fast 3G or other type of throttling >>>>>> 5. Well.... Sometime this type of throttling will produced >>>>>> differnet result than using just using normal network speed >>>>>> browser. If >>>>>> nothing happen then oh well >>>>>> >>>>>> See if this would helps... >>>>>> >>>>>> Cheers, >>>>>> Andy >>>>>> On Friday, 26 March 2021 at 16:49:18 UTC+8 Florent Vallée wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> We tried the 2 solutions but none worked. We don't have any issues >>>>>>> if we're connected on wifi, we only have the issue with 4G connection >>>>>>> (smartphone with 4G or on computer with 4G shared connection) >>>>>>> We tried with version 6.1, 6.2 and 6.3. >>>>>>> Any other ideas ? >>>>>>> We are desperate. >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Florent >>>>>>> >>>>>>> >>>>>>> ------------------------------ >>>>>>> *De: *"Andy Ng" <[email protected]> >>>>>>> *À: *"CAS Community" <[email protected]> >>>>>>> *Cc: *"[email protected]" <[email protected]>, "jrautureau" < >>>>>>> [email protected]> >>>>>>> *Envoyé: *Jeudi 25 Mars 2021 02:44:03 >>>>>>> >>>>>>> *Objet: *Re: [cas-user] Problem with CAS 6.2.6 >>>>>>> Hi all, >>>>>>> On our side we are using 6.2.x and in production, no such problem >>>>>>> observed. >>>>>>> >>>>>>> We did implemented a customization multiple customization regarding >>>>>>> cookies, which are: >>>>>>> >>>>>>> - Samesite = None >>>>>>> - 3rd party cookie >>>>>>> >>>>>>> Since I cannot reproduce the issue now, if anybody is free please >>>>>>> help try the following verification method to identify the issue: >>>>>>> >>>>>>> *Note: Just throwing some idea out here, it might not work but I >>>>>>> think worth some testing* >>>>>>> >>>>>>> *For Samesite=None:* >>>>>>> I made a post a while ago regarding this and the code needed for the >>>>>>> fix, so not reposting again. >>>>>>> >>>>>>> For some additional reading what is samesite=None, and code to fix >>>>>>> the issue, see this: >>>>>>> https://www.chromium.org/updates/same-site/incompatible-clients >>>>>>> >>>>>>> For checking if this is indeed the issue, try the following (After >>>>>>> enabled only visit trusted website, and rollback immediately is >>>>>>> recommended): >>>>>>> >>>>>>> 1. Open Chrome: >>>>>>> 2. Go to chrome://flags/ >>>>>>> 3. Search "samesite" >>>>>>> 4. Set all 3 items to "Disabled" >>>>>>> 5. Restarts >>>>>>> 6. Try to login again, see if issue is solve >>>>>>> 7. Rememeber to go back to chrome://flags/ and restore setting >>>>>>> after testing >>>>>>> >>>>>>> *For 3rd party cookie:* >>>>>>> This is unlikely the issue but let's also try verify it: >>>>>>> >>>>>>> 1. Open Chrome >>>>>>> 2. Go to Setting > Privacy and Security > Cookie and Site Data >>>>>>> 3. Set All cookie >>>>>>> 4. Restarts >>>>>>> 5. Try to login again, see if issue is solve >>>>>>> 6. Remember to rollback if want to >>>>>>> >>>>>>> >>>>>>> If issue indeed is one of them, can work on implementing a patch to >>>>>>> CAS to fix the issue. If not then, well I am currently out of idea... >>>>>>> >>>>>>> Regards, >>>>>>> Andy >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tuesday, 23 March 2021 at 22:19:39 UTC+8 [email protected] >>>>>>> wrote: >>>>>>> >>>>>>>> Unfortunately it did not solve the issue. But it seems to be a very >>>>>>>> old problem >>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=533625 >>>>>>>> Anybody else experiencing the same behaviour? >>>>>>>> >>>>>>>> >>>>>>>> El jueves, 18 de marzo de 2021 a las 11:47:34 UTC-3, Nicolás López >>>>>>>> escribió: >>>>>>>> >>>>>>>>> We are goint to try it and then will share the results. >>>>>>>>> Thanks! >>>>>>>>> >>>>>>>>> El jueves, 18 de marzo de 2021 a las 4:31:40 UTC-3, jrautureau >>>>>>>>> escribió: >>>>>>>>> >>>>>>>>>> Hello >>>>>>>>>> >>>>>>>>>> Have you tried to set cas.tgc.pin-to-session to false ? >>>>>>>>>> >>>>>>>>>> We had issues on tgc cookie witch were invalidated due to network >>>>>>>>>> changes. For instance, when we switch to a new http proxy or when we >>>>>>>>>> connect to a VPN. >>>>>>>>>> >>>>>>>>>> Since the property set to false the tgc remains valid. >>>>>>>>>> >>>>>>>>>> We are using the remember me feature. >>>>>>>>>> >>>>>>>>>> Le jeu. 18 mars 2021 à 03:32, Nicolás López <[email protected]> >>>>>>>>>> a écrit : >>>>>>>>>> >>>>>>>>>>> Same issue here. Did anybody find a solution or workaround? >>>>>>>>>>> >>>>>>>>>>> El viernes, 5 de febrero de 2021 a las 7:35:18 UTC-3, >>>>>>>>>>> [email protected] escribió: >>>>>>>>>>> >>>>>>>>>>>> Same issue : >>>>>>>>>>>> https://groups.google.com/a/apereo.org/g/cas-user/c/2CVCGqJOhgE/m/OlV7o8UoAgAJ >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Any idea ? >>>>>>>>>>>> >>>>>>>>>>>> Le mardi 2 février 2021 à 14:33:21 UTC+1, Florent Vallée a >>>>>>>>>>>> écrit : >>>>>>>>>>>> >>>>>>>>>>>>> Hello, >>>>>>>>>>>>> >>>>>>>>>>>>> I installed a CAS server in version 6.2.7. No worries for the >>>>>>>>>>>>> connection and the connection to the different services. >>>>>>>>>>>>> We are only having a weird problem. On a computer, with Firefox >>>>>>>>>>>>> no worries, on the other hand with Chrome, Edge, etc. and even on >>>>>>>>>>>>> a smartphone with any browser, the CAS connection page loops >>>>>>>>>>>>> permanently and does not connect to the service. It sometimes >>>>>>>>>>>>> happens that by trying again 4-5 times in a row it will work but >>>>>>>>>>>>> it is very random. If we simply connect to the login page we can >>>>>>>>>>>>> connect well. >>>>>>>>>>>>> Can it be a problem with cookies management, redirects or other? >>>>>>>>>>>>> I can't find what options added in the cas.properties >>>>>>>>>>>>> Does anyone have any configuration examples? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Thank you for your help. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> *Florent * >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------------ >>>>>>>>>>>>> *De: *"Ray Bon" <[email protected]> >>>>>>>>>>>>> *À: *"CAS Community" <[email protected]> >>>>>>>>>>>>> *Envoyé: *Lundi 1 Février 2021 18:24:29 >>>>>>>>>>>>> *Objet: *Re: [cas-user] Problem with CAS 6.2.6 >>>>>>>>>>>>> >>>>>>>>>>>>> Florent, >>>>>>>>>>>>> >>>>>>>>>>>>> Once you have authenticated, cas will return a TGC (ticket >>>>>>>>>>>>> granting cookie) to the browser. As long as this cookie is >>>>>>>>>>>>> active, you >>>>>>>>>>>>> should not see the log in page. >>>>>>>>>>>>> Those browsers my have some security settings that affect the >>>>>>>>>>>>> TGC. Use you developer tools to see if the TGC is being deleted >>>>>>>>>>>>> or not >>>>>>>>>>>>> sent to cas. There are some cookie setting, >>>>>>>>>>>>> https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties-Common.html#cookie-properties >>>>>>>>>>>>> and >>>>>>>>>>>>> https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#ticket-granting-cookie >>>>>>>>>>>>> . >>>>>>>>>>>>> >>>>>>>>>>>>> Ray >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, 2021-02-01 at 14:19 +0100, Florent Vallée wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Notice: This message was sent from outside the University of >>>>>>>>>>>>> Victoria email system. Please be cautious with links and >>>>>>>>>>>>> sensitive >>>>>>>>>>>>> information. >>>>>>>>>>>>> >>>>>>>>>>>>> Hello, >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I have a problem with CAS, I have access on any browser to the >>>>>>>>>>>>> authentication page and it returns me the requested attributes. >>>>>>>>>>>>> >>>>>>>>>>>>> However, when I want to connect to an authorized service, it only >>>>>>>>>>>>> works on Firefox. On Edge, Chrome this constantly returns me to >>>>>>>>>>>>> the authentication page. Anyone have any idea what the problem is? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Florent >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> >>>>>>>>>>>>> Ray Bon >>>>>>>>>>>>> Programmer Analyst >>>>>>>>>>>>> Development Services, University Systems >>>>>>>>>>>>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] >>>>>>>>>>>>> >>>>>>>>>>>>> I respectfully acknowledge that my place of work is located >>>>>>>>>>>>> within the ancestral, traditional and unceded territory of the >>>>>>>>>>>>> Songhees, >>>>>>>>>>>>> Esquimalt and WSÁNEĆ Nations. >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>>>> --- >>>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c65f808fc4b75ed31cf4582b3fe872b87b9894b1.camel%40uvic.ca >>>>>>>>>>>>> >>>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c65f808fc4b75ed31cf4582b3fe872b87b9894b1.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>>>>>>>>>>>> . >>>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/22230b33-e79d-4efc-83b6-97e4969e5ef9n%40apereo.org >>>>>>>>>>> >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/22230b33-e79d-4efc-83b6-97e4969e5ef9n%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1daeb831-124f-47bb-a8d7-2b7bbf7a0df7n%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1daeb831-124f-47bb-a8d7-2b7bbf7a0df7n%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/675f8070-04e8-4d84-bf81-0ef7e3628f2cn%40apereo.org.
