Login Issues with Android Apps

90 views
Skip to first unread message

Amy Colfer

unread,
Oct 3, 2025, 12:12:00 PMOct 3
to CAS Community, eugene.w...@gmail.com

Hello, we're currently experiencing issues with users logging into applications via our SSO on Android mobile devices. We're running version 7.2.7.

Attached is a screenshot of the error message that appears immediately after a user signs in—before the Duo authentication prompt is triggered.

Do you have any insights into what might be causing this?

shared image.jpg

Carl Waldbieser

unread,
Oct 3, 2025, 12:50:24 PMOct 3
to cas-...@apereo.org, eugene.w...@gmail.com
Amy,

You are probably using the default setting "cas.authn.mfa.duo[0].session-storage-type=BROWSER_STORAGE" (see https://apereo.github.io/cas/7.2.x/mfa/DuoSecurity-Authentication.html under optional settings).  You need to set cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY or maybe HTTP.

The basic issue is that the web view component presented by the Google app on Android does not have the required JavaScript features that modern browsers do, so the Duo integration fails if you try to maintain the session storage in the browser.

Thanks,
Carl Waldbieser
ITS
Lafayette College




--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/67655a79-5d83-4e0f-b97d-5e2d7eef46a8n%40apereo.org.

Eugene Willis

unread,
Oct 3, 2025, 12:50:25 PMOct 3
to Carl Waldbieser, cas-...@apereo.org
Thanks Carl I will try that now! Thank you.
Sent from my iPhone

On Oct 3, 2025, at 12:26 PM, Carl Waldbieser <wald...@lafayette.edu> wrote:



Amy Colfer

unread,
Oct 3, 2025, 3:17:57 PMOct 3
to CAS Community, Carl Waldbieser, eugene.w...@gmail.com
Thanks, Carl! We're currently on version 7.2.7, and from what we've found, it looks like this feature is only available starting in 7.3. Do you happen to know of any workarounds or alternative approaches that might work without upgrading?

Carl Waldbieser

unread,
Oct 3, 2025, 3:17:57 PMOct 3
to Amy Colfer, CAS Community, eugene.w...@gmail.com
Amy,

I am on 7.1.6.2 and we use the TICKET_REGISTRY option at Lafayette College.
I am not sure how you'd otherwise work around the issue.

The docs link I sent you was for 7.2.x, so I'm a little surprised you're not able to use that feature in the 7.2.x branch.

Thanks,
Carl Waldbieser
ITS
Lafayette College


Amy Colfer

unread,
Oct 3, 2025, 4:41:04 PMOct 3
to CAS Community, Carl Waldbieser, CAS Community, eugene.w...@gmail.com, Amy Colfer
Found another chat (link below) where they had a similar issue, and they had to upgrade to 7.3. That's interesting that it's working in your environment. Thank you so much for helping us out with this! We'll let you know if we find a solution without upgrading. 

https://groups.google.com/a/apereo.org/g/cas-user/c/eS1RLy39Dds/m/Qp5llGpoCQAJ?pli=1

Jeremiah Garmatter

unread,
Oct 6, 2025, 11:01:14 AM (14 days ago) Oct 6
to CAS Community
Amy,

We had similar issues to what you described.
I can confirm the TICKET_REGISTRY setting works in 7.2.5.
I have this in cas.properties:
cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY

Amy Colfer

unread,
Oct 7, 2025, 7:17:39 PM (13 days ago) Oct 7
to CAS Community, Jeremiah Garmatter
Thank you all for your insight—you were spot on! 😊 We had implemented it, but placed it outside our MFA stanzas. Once we moved the stanza up, everything worked perfectly. Really appreciate your help!
Reply all
Reply to author
Forward
0 new messages