CAS and Windows 10

[Colin Wilkinson]

Guys,

We have had a strange problem that took us most of the week to realise that there looks to be a real weird issue with access CAS from a windows 10 device. When accessing CAS from a Windows 10 devices through a browser it executes the login flow twice. This means you loose all attributes including service.

The problem only exists when you open the browser from fresh, no other instances of the browser running. Once you have access CAS once the flow works as expected only runs once. From a fresh instances the flow runs twice.

Has any else experienced this. From windows 7 it works as expected.

Regards,

Colin

[Jeffrey Wong]

Probably best to also note your browser version(s), CAS version, and if you have any customizations. I've hit some really interesting things on IE, in which the login flow fails to execute if there's a malformed HTML element.

[Colin Wilkinson]

There are some customisations to the login flow, but we striped the login flow back to what is working in production and noticed it was running the login flow effectively twice. The second running is a problem because the URL does not including any of the query parameters.

The login has been customised with the following customisations

1. Enabled CAS Spnego
2. Enable IP based range check
3. Added a query parameter filter check to force to login page if provided. A second button has been added to the uPortal page to provide this parameter. Currently for students spnego is not enabled.

As stated this is only an issue with connections coming from Windows 10. We have been using this setup through out our development, testing and UAT environment through Windows 7 with out any hassles.

CAS software version CAS 4.1.7

Browser version are the following and all do the same thing,

Internet Explorer 11

Edge 14

Chrome 54

Firefox 50.0.2

[Kartik Mehta]

I recently faced the same issue, and traced it to our customized casLoginView.jsp. It had an img tag pointing to a non-existent image file. This caused the image tag to reload the page (similar to what is pointed out here - https://www.bennadel.com/blog/2236-empty-src-and-url-values-can-cause-duplicate-page-requests.htm )

Any chance of a missing image file in your Windows 10 environment, in case you have customized casLoginView.jsp (or any of the jsps it includes)

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae8f8950-e41f-486a-a3ff-dd49120e7a0d%40apereo.org.

[Colin Wilkinson]

Hi Kartik,

Thanks for the Help information we have noticed dev server is working correctly, but test, uat and prod and working incorrect. May be something is missing.

Regards,

Colin

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

[Colin Wilkinson]

Hi Kartik,

Greatly appreciated there is an issue with top.jsp page that gets imported into casLoginView.jsp. We have custom JavaScript file being imported that is working fine in DEV but in all other regions its not coming through correct.

In DEV it shows up as

<script type="text/javascript" src="/cas/themes/VU/js/common_rosters.js"></script>

In TEST, UAT and PROD

<script type="text/javascript" src="/cas/themes/VU/js/;jsessionid=C3E9287D86953890EDD2BFDD3770B038common_rosters.js"></script>

As you can clearly see there has been inject of the jsessionid. The jsession Id also appears on the "standard.custom.css.file". I have tweaked our settings rather than pass the directory location pass the directory location and file, so that jsessionid appears at the end at least.