CAS 7x / 66x SSO war cookie Thymeleaf template “casConfirmView” error solution


Luís Costa

Nov 21, 2024, 2:59:24 PM
to CAS Community
Hello CAS Community,


This entry is more about the solution than about the problem.


I’ve implemented the “SSO Warning Session Cookie”, described in CAS 7.2.x docs (https://apereo.github.io/cas/development/authentication/Configuring-SSO-Warning-Cookie.html), in my CAS 66x server, by doing the following:

1) Configured SSO Warning Session Cookie properties at cas.properties

2) Added the html input described in the following CAS 4.2 documentation in /login/casConfirmView.html Thymeleaf template

<input id="warn" name="warn" value="true" tabindex="3" accesskey="A" type="checkbox">

https://unicon.github.io/cas/4.2.x/installation/User-Interface-Customization.html#warning-before-accessing-application


3) Restarted my CAS server


After the steps above, while testing this feature, I’ve had a problem.

After hitting the “Warn me!” check box on login page, authenticating with success and correctly navigating to the casConfirmView page, I became stuck at that page. Every attempt to hit continue caused the same page to be displayed.

After a lot of debugging and after analyzing the CAS login web flow with the /actuator/springWebflow URL, I noticed that the showWarningView state was not returning the expected “success”, stopping the flow from correctly transitioning to the finalizeWarning state.

Based on that observation, and after adding the following html input
<input type="hidden" name="_eventId" value="success" />
to the /login/casConfirmView.html Thymeleaf template, inside the existing html <form>, the flow now seems to work well. I think this missing input was a CAS 7x / 66x bug.

Although this feature has the following automated test
https://github.com/apereo/cas/blob/39a80823bf29abcd3b1e08b63a2207728e006e49/support/cas-server-support-actions/src/test/java/org/apereo/cas/web/flow/ServiceWarningActionTests.java#L34
which I suppose is passing, I think this feature wasn’t tested manually (there is no warn checkbox on default casLoginView.html template / loginform.html fragment), and because of that, this missing <input type="hidden" name="_eventId" value="success" /> issue wasn’t found.

Again, I’m not asking for help, just sharing this information with anyone who might find it useful.


I’m sorry for not making a pull request to CAS 7.x or CAS 6.x, to be analyzed, I don’t have that possibility right now.


Kind regards,

Luis Costa
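
An added example, not part of the original post or of the CAS code base: a Python check that lists the forms in a template that submit no Spring Web Flow event id (a field named `_eventId`, or a button named `_eventId_<event>`), which is the condition the post describes. The two template strings and the form id `confirm` are constructed for illustration.

```python
from html.parser import HTMLParser

FIELD_TAGS = ("input", "button", "select", "textarea")

class FormFieldCollector(HTMLParser):
    """Record, for each <form>, the names of the fields it submits."""

    def __init__(self):
        super().__init__()
        self.forms = []    # one dict per form, in document order
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"id": attrs.get("id"), "fields": []}
            self.forms.append(self._open)
        elif self._open is not None and tag in FIELD_TAGS and attrs.get("name"):
            self._open["fields"].append(attrs["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def forms_missing_event(template_text):
    """Return the ids of forms that would post no Web Flow event id."""
    parser = FormFieldCollector()
    parser.feed(template_text)
    return [f["id"] for f in parser.forms
            if not any(n == "_eventId" or n.startswith("_eventId_")
                       for n in f["fields"])]

# Constructed templates (not the real casConfirmView.html).
BEFORE = """
<form id="confirm" method="post">
  <input type="hidden" name="execution" th:value="${flowExecutionKey}" />
  <button type="submit">Continue</button>
</form>
"""
AFTER = BEFORE.replace(
    "<button",
    '<input type="hidden" name="_eventId" value="success" />\n  <button')

if __name__ == "__main__":
    print("before:", forms_missing_event(BEFORE))  # ['confirm']
    print("after: ", forms_missing_event(AFTER))   # []
```

Running the same function over every template in a customized overlay flags forms that post back to the flow without an event.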