Pac4j OAuth delegation: Facebook/Google link dissapears from login page when user logs in for the first time

[Yauheni Sidarenka]

Hello all,

I was testing CAS server 5.0.0RC2 when I faced an UI problem related to Pac4j delegation to Facebook and Google.

I have configured CAS server properly and usually authentication via Facebook or Gogle works fine.

But there is one strange case:

1) User goes to /cas/login -> The CAS login page appears with two links: for FB and Google (see 1.png attached)

2) User clicks on link to FB -> If user logs in for the first time, FB app will ask user to grant permissions (see 2.png attached)

3) User declines FB app request by clicking "Cancel" -> User's browser is redirected to the CAS login page, but the page does not contain a link to FB (see 3.png attached)

All three steps above reproduce issue for Google OAuth provider too.

Any suggestions how to avoid such cases?

[Jérôme LELEU]

Hi,

It seems strange: if you are not authenticated, both links should be available on the login page.

Any error in your logs?

Thanks.

Best regards,

Jérôme

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a9a1cd53-f6fd-4283-b423-6a796662d559%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

[Yauheni Sidarenka]

Thank you, Jérôme, for responding so quickly.

Yes, there is an error in my log file:

2016-09-23 11:04:09,904 ERROR [org.apereo.cas.support.pac4j.web.flow.ClientAction] - <Cannot process client #FacebookClient# | name: FacebookClient |>

org.pac4j.core.exception.HttpAction: authentication already tried -> forbidden

at org.pac4j.core.exception.HttpAction.unauthorized(HttpAction.java:89) ~[pac4j-core-1.9.1.jar:?]

at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:74) ~[pac4j-core-1.9.1.jar:?]

at org.apereo.cas.support.pac4j.web.flow.ClientAction.prepareForLoginPage(ClientAction.java:161) ~[cas-server-support-pac4j-5.0.0.RC2.jar:5.0.0.RC2]

at org.apereo.cas.support.pac4j.web.flow.ClientAction.doExecute(ClientAction.java:128) ~[cas-server-support-pac4j-5.0.0.RC2.jar:5.0.0.RC2]

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_60]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_60]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_60]

at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_60]

at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at com.sun.proxy.$Proxy144.launchExecution(Unknown Source) ~[?:?]

at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263) ~[spring-webflow-2.4.4.RELEASE.jar:2.4.4.RELEASE]

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) ~[servlet-api.jar:?]

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) ~[servlet-api.jar:?]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55) ~[spring-boot-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apereo.cas.web.support.CurrentCredentialsAndAuthenticationClearingFilter.doFilter(CurrentCredentialsAndAuthenticationClearingFilter.java:28) ~[cas-server-core-web-5.0.0.RC2.jar:5.0.0.RC2]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.6.jar:2.0.6]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238) ~[cas-server-security-filter-2.0.6.jar:2.0.6]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62) ~[inspektr-common-1.5.GA.jar:1.5.GA]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:105) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90) ~[cas-server-core-logging-5.0.0.RC2.jar:5.0.0.RC2]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:107) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119) ~[spring-boot-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61) ~[spring-boot-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:94) ~[spring-boot-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:112) ~[spring-boot-1.4.0.RELEASE.jar:1.4.0.RELEASE]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.6.2.jar:2.6.2]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) ~[catalina.jar:8.0.30]

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) ~[catalina.jar:8.0.30]

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) ~[catalina.jar:8.0.30]

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) ~[catalina.jar:8.0.30]

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) ~[catalina.jar:8.0.30]

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521) ~[catalina.jar:8.0.30]

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096) ~[tomcat-coyote.jar:8.0.30]

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) ~[tomcat-coyote.jar:8.0.30]

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) ~[tomcat-coyote.jar:8.0.30]

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) ~[tomcat-coyote.jar:8.0.30]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_60]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_60]

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.0.30]

at java.lang.Thread.run(Thread.java:745) [?:1.8.0_60]

2016-09-23 11:04:09,960 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Cannot forward to error page for request [/login] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false>

Also you may notice some extra parameters for /login URL in browser's address bar in the picture 3.png.

Regards,

Yauheni

On Thursday, September 22, 2016 at 9:46:20 PM UTC+3, leleuj wrote:

Hi,

It seems strange: if you are not authenticated, both links should be available on the login page.

Any error in your logs?

Thanks.

Best regards,

Jérôme

2016-09-22 16:47 GMT+02:00 Yauheni Sidarenka <yauheni_...@pubget.com>:

Hello all,

I was testing CAS server 5.0.0RC2 when I faced an UI problem related to Pac4j delegation to Facebook and Google.

I have configured CAS server properly and usually authentication via Facebook or Gogle works fine.

But there is one strange case:

1) User goes to /cas/login -> The CAS login page appears with two links: for FB and Google (see 1.png attached)

2) User clicks on link to FB -> If user logs in for the first time, FB app will ask user to grant permissions (see 2.png attached)

3) User declines FB app request by clicking "Cancel" -> User's browser is redirected to the CAS login page, but the page does not contain a link to FB (see 3.png attached)

All three steps above reproduce issue for Google OAuth provider too.

Any suggestions how to avoid such cases?

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

[Jérôme LELEU]

Hi,

After fixing the demo, I've made a few tests, but I'm not able to generate this kind of error.

Can you share the flow of HTTP requests / responses?

Thanks.

Best regards,

Jérôme

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/86f7cf48-4fed-47ce-bb8a-577c873535f4%40apereo.org.

[Yauheni Sidarenka]

Hello,

I am not sure I can do it easily, because I don't see URLs in CAS log files, but I will try using Tomcat's log files.
It will take me a few minutes.

Regards,
Yauheni

[Yauheni Sidarenka]

So, I have tried and here is what I have got.
Please note that:
1. All static resources are omitted.
2. FB client id was erasured for security reasons.
3. The name of my computer was also changed for the same reasons.
Precodintions: user is logged in on Facebook site and does not have application in Settings -> Apps

I am trying to open my casified application via browser.

Tomcat's log on the client side:

192.168.56.1 - - [27/Sep/2016:16:08:51 +0300] "GET /my-app-ui HTTP/1.1" 302 -

Tomcat's log on the CAS side:

192.168.56.1 - - [27/Sep/2016:16:08:51 +0300] "GET
/cas/login?service=http%3A%2F%2Fmymachine.mycompany.com%3A8081%2Fmy-app-ui%2Fj_spring_cas_security_check
 HTTP/1.1" 200 12831

CAS login page appears. Click on FB link.

FB side (from browser's address bar):

https://www.facebook.com/v2.5/dialog/oauth?client_id=181149**********&redirect_uri=https%3A%2F%2Fmymachine.mycompany.com%3A8445%2Fcas%2Flogin%3Fclient_name%3DFacebookClient&scope=public_profile%2Cemail&state=3a387ad988

A pop-up window appears as in the picture 2.png. Click "Cancel".

Tomcat's log on the CAS side:

192.168.56.1 - - [27/Sep/2016:16:13:29 +0300] "GET
/cas/login?client_name=FacebookClient&error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=3a387ad988
 HTTP/1.1" 200 9813

That's it! We are on the CAS login page and FB link has disappeared as in the picture 3.png.

Regards,
Yauheni

[Misagh Moayyed]

Is this also something you can duplicate with RC3-SNAPSHOT?

-- 
Misagh

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/33769640-b1be-4a09-806f-cafd842d02cf%40apereo.org.

[Yauheni Sidarenka]

Dear Misagh,

I have tried to reproduce by steps mentioned above and original issue has disappeared.
But, unfortunately, I have a new one: a new error page does not have values in the table (see 4.png attached for Facebook use case and 5.png -  for Google use case).

I have had a look at your recent commit in master branch, so please be noticed that there is a difference in browser's address bar between Facebook and Google use cases.

One more thing. I have a new error message in the log file, the same for both use cases:

2016-09-28 09:05:08,228 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Cannot forward to error page for request [/login] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false>

And the least important issue is when I click "Login Again" button and then log in via Facebook/Google successfully, CAS will not redirect me to the service that initiated login flow. As I can see CAS behaves in this way because it do not care about "service" parameter in this scenario and I believe this will be fixed or improved.

Regards,
Yauheni

[Misagh Moayyed]

Thanks for trying this out. A few things:

1. Know nothing about WebSphere. That bit is mostly on you to figure out, since I can’t duplicate this Tomcat, Jetty or Undertow, unless you’ve got something else in your config I don’t know about.

2. You do need to step through the code to figure out what the table ends up empty, since this is also something I can’t duplicate.

3. You are welcome to make changes to the UI to make that “Login Button” go anywhere you like.

-- 
Misagh

From: Yauheni Sidarenka <yauheni_...@pubget.com>
Reply: Yauheni Sidarenka <yauheni_...@pubget.com>

Date: September 28, 2016 at 1:14:43 PM
To: CAS Community <cas-...@apereo.org>

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b10f2282-4c9c-41fc-ab56-a045f23a241a%40apereo.org.

[Jérôme LELEU]

Hi,

I just tested the use case where you click on the "Cancel" button and cannot reproduce the issue either.

Thanks.

Best regards,

Jérôme

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b10f2282-4c9c-41fc-ab56-a045f23a241a%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

--

You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57eb93e0.73089ec0.d199%40unicon.net.

[Yauheni Sidarenka]

Hello,

I do apologize because I did not point out that I used external Tomcat container for CAS, not embedded one. I have just tried to run CAS using

java -jar cas/build/libs/cas.war

from CAS Gradle Overlay project dir as mentioned here and it works well (except Google use case, because org.apereo.cas.web.flow.Pac4jErrorViewResolver checks that all three error parameters are specified but Google returns only one of them, "error").

Thank you for wasting your time. I think this issue is turning into a real pain in the neck for you. Sorry for that.

Unfortunately, I had to deploy CAS on external Tomcat 8.0.30 with Java 8u60. I have even tried to deploy on version 8.5.5, but again there is no table with error description.
On the other hand, with the latest 5RC3 snapshot build the error table disappears at all and it is better than an empty table.

I tried to debug CAS application and I set breakpoint in Pac4jErrorViewResolver class, but it was not reached in both use cases for both versions of external Tomcat.

Also I have tried to deploy on Jetty with

jetty_base=%jetty_home%\cas

just putting cas.war in %jetty_base%\webapps with enabled http module (java -jar $JETTY_HOME/start.jar --add-to-startd=http,deploy), but I failed :). Maybe I should dig deeper into the Jetty's documentation.

Regards,
Yauheni

On Thursday, September 29, 2016 at 12:17:35 PM UTC+3, leleuj wrote:

Hi,

...