CAS 5.0.5 password warning login?execution= too long for Windows IE/Edge browsers


Duane Booher

Aug 18, 2017, 5:42:54 PM
to CAS Community
We have cas.authn.ldap[0].passwordPolicy.warningDays=5 firing a password change warning from casLoginMessageView.html

When we press continue, then the URL fires with login?execution=... being too long for the Windows IE/Edge browsers. 

It works for all of the other host browsers. Are there any alternatives to this?

Duane


Duane Booher

Aug 18, 2017, 5:56:00 PM
to CAS Community
Further clarification: when the continue button works with the other browsers, the URL length is approximately 19k. However, with the Windows IE and Edge browsers, the URL is cut off at around 10k.

We are closing in on a CAS5 production deployment, any suggestions?

Uxío Prego

Aug 19, 2017, 9:04:51 AM
to CAS Community
So lengthy HTTP GET URLs are an anti-pattern.

I guess this advice will not be useful to you, but it could be for other people.

If you absolutely are to stick with those huge URLs and GET methods, and you
have access to the source code of both software ends, you can easily do so by
creating an informal GUID on the calling site, storing the parameters in a
database (any type fits), doing the call passing only the key, fetching the
parameters from the database on the called software that knows the key now,
removing them from the database after fetching them, and finally using the
fetched parameters as if those had been passed normally via HTTP.
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57de93e6-e186-4555-bdd8-0f7863e6b0aa%40apereo.org.
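
The hand-off described in the post above, as an added example that is not part of the original thread and is not CAS code. It assumes an in-memory dict in place of the database; `OneTimeParamStore`, `build_redirect`, `handle_request`, the `k` query parameter and the `sso.example.edu` URL are hypothetical names. Because the key in the URL becomes a bearer reference to server-side state, the sketch makes it unguessable, single-use and short-lived.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit


class OneTimeParamStore:
    """In-memory stand-in for the database in the post (an assumption)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # key -> (expiry, params)

    def put(self, params):
        # The key is a bearer reference to the stored state, so it comes from
        # the OS CSPRNG (256 bits): unguessable, not merely unique.
        key = secrets.token_urlsafe(32)
        self._entries[key] = (self._clock() + self._ttl, dict(params))
        return key

    def take(self, key):
        # pop() deletes on first fetch: a key that leaks through browser
        # history, a Referer header or a proxy log cannot be replayed.
        entry = self._entries.pop(key, None)
        if entry is None:
            return None
        expiry, params = entry
        return params if self._clock() <= expiry else None


def build_redirect(base_url, store, params):
    """Calling side: park the parameters, send only the key in the URL."""
    return f"{base_url}?k={store.put(params)}"


def handle_request(url, store):
    """Called side: read the key from the URL and redeem it once."""
    key = parse_qs(urlsplit(url).query).get("k", [""])[0]
    return store.take(key)


if __name__ == "__main__":
    store = OneTimeParamStore()
    big = {"execution": "e1s1_" + "A" * 19000}  # constructed ~19k value
    url = build_redirect("https://sso.example.edu/login", store, big)
    print(len(url), handle_request(url, store) == big, handle_request(url, store))
```

A real deployment would also purge entries that expire without ever being redeemed, and would keep the store in shared storage if more than one server node handles the flow.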

Duane Booher

Aug 21, 2017, 4:44:15 PM
to CAS Community
We are noticing that casLoginMessageView.html builds the URL with:

login?execution=${flowExecutionKey},_eventId=proceed


Is there any way to shorten this ${flowExecutionKey} value? We are looking at the CAS server code for possible creative solutions.


BTW, all browsers, including the mobile browsers, support the larger URL lengths except for both Windows IE and Edge, which truncate the URL at 10k.




Misagh Moayyed

Aug 21, 2017, 5:04:14 PM
to cas-...@apereo.org
Is there a reason you're on 5.0.5 and not the latest 5.0.x? 

--Misagh



Duane Booher

Aug 21, 2017, 7:20:44 PM
to CAS Community
The cas/proxy issue set us backwards to CAS 5.0.5. See my posting on the CAS developer group which I have just updated. We need cas/proxy to get our applications through the CAS login process in order to verify if the long URL issue with either of these later releases.



Raymond Drew Walker

Aug 22, 2017, 12:46:00 AM
to cas-...@apereo.org

Multiple reasons:

 

 

In addition:

There are still other outstanding issues with 5.0.x & DuoSecurity. I’m not sure where to report it as a bug (is it core CAS, maven overlay, or?): https://groups.google.com/a/apereo.org/forum/#!searchin/cas-dev/duosecurity/cas-dev/nFCGztzG3Uo/oVX1XpzEBQAJ

 

— 

Raymond Walker
Software Systems Engineer StSp.
ITS Northern Arizona University

Misagh Moayyed

Aug 22, 2017, 10:31:40 AM
to cas-...@apereo.org
I recommend you review, diagnose and fix the proxy issue first, instead of falling back to an older version. Start there, and then post a pull request when you have stepped into the code and found the problem. 

--Misagh



Raymond Drew Walker

Aug 22, 2017, 12:45:53 PM
to cas-...@apereo.org

Why are you asking CAS users to become developers & closing out their bug submits?

— 

Raymond Walker
Software Systems Engineer StSp.
ITS Northern Arizona University

 

 


Duane Booher

Sep 5, 2017, 2:40:56 PM
to CAS Community
I wanted to update the community that we were able to fix this long URL issue by grabbing the latest 5.0.x version of casLoginMessageView.html, where a GET was changed to a POST.

