CAS 5.0.2 with a delegation to ADFS always redirect to ADFS and recreate a new TGC

79 views
Skip to first unread message

Steve Généreux

unread,
Feb 9, 2017, 5:26:20 PM2/9/17
to CAS Community
Hi,

We configured a CAS 5.0.2 with delegation to ADFS. The first time a user logs on to a CASsified application, the browser is redirected as expected (app --> CAS --> ADFS --> CAS --> app)

But if we try another CASsified application, the same webflow happens even though the browser has a valid TGC, and then a new TGC is issued.

It does that for every subsequent logins.  As you can imagine, it multiplies TGC for nothing because we have already a valid TGC. It also slows down the login needlessly.

Is it a bug or it's by design?

Steve

Steve Généreux

unread,
Mar 30, 2017, 9:51:18 AM3/30/17
to CAS Community
Some news?  Version 5.0.4 do the same thing..

Steve

Uxío

unread,
Mar 30, 2017, 1:09:29 PM3/30/17
to cas-...@apereo.org
Are you sure it is not something relating browser cookie configuration or a SSO misconfiguration in the CAS server or the CASified applications?

I would double check all the environment or get a colleague assess it in a peer review.

What you describe (SSO lost if I understand correctly) happens intermittently to some users of a CAS 3 service /me administer, which by the way its SSO can be de-configured at several levels, including even tables at the data base connected with a JpaTicketRegistry and supporting the service, for that particular 3.6 schema.

I still have not found a permanent solution, but almost always can be worked around in the final customer side clearing cookies or flip flopping 3rd party cookies allowance.

Regards,

Sent from my iPhone
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/43cbc9ff-91e7-4221-8af6-624006e996e1%40apereo.org.

Mr Rao

unread,
Apr 9, 2018, 1:31:36 AM4/9/18
to CAS Community
Hi,
did you ws-federation or SAML?

Thanks
Reply all
Reply to author
Forward
0 new messages