Authentication issue on Safari
32 views
Skip to first unread message
Giuseppe Di Marzo
Dec 22, 2021, 12:25:50 PM12/22/21
to CAS Community
We have an authentication issue on CAS 6.2 on Safari browsers, more generally on iOS devices.
Each client has correctly configured its own iframe and customizations on the service part on CAS.
The federated sites all have different domains and all call the same server:
www.mysite1.com -> CAS.casdomain.com/cas/login...
www.mysite2.com -> CAS.casdomain.com/cas/login...
....
www.mysiteN.com -> CAS.casdomain.com/cas/login...
SSO works perfectly as long as the user is not using an iPad or iPhone. In this case the default "prevent cross-site checking" setting is disabled and does not allow the iframe to set the cookie correctly.
How can I fix this on the server side? Is it possible to manage the virtual hosts on Tomcat on the CAS Server or is there an alternative solution?
In fact I was thinking to configure the virtual hosts so that each site calls the CAS with the same domain:
www.mysite1.com -> CAS.mysite1.com/cas/login...
www.mysite2.com -> CAS.mysite2.com/cas/login...
....
www.mysiteN.com -> CAS.mysiteN.com/cas/login...
and properly configuring Tomcat to redirect each call to the same CAS application.
Thank you very much
Giuseppe
Translated with www.DeepL.com/Translator (free version)
Each client has correctly configured its own iframe and customizations on the service part on CAS.
The federated sites all have different domains and all call the same server:
www.mysite1.com -> CAS.casdomain.com/cas/login...
www.mysite2.com -> CAS.casdomain.com/cas/login...
....
www.mysiteN.com -> CAS.casdomain.com/cas/login...
SSO works perfectly as long as the user is not using an iPad or iPhone. In this case the default "prevent cross-site checking" setting is disabled and does not allow the iframe to set the cookie correctly.
How can I fix this on the server side? Is it possible to manage the virtual hosts on Tomcat on the CAS Server or is there an alternative solution?
In fact I was thinking to configure the virtual hosts so that each site calls the CAS with the same domain:
www.mysite1.com -> CAS.mysite1.com/cas/login...
www.mysite2.com -> CAS.mysite2.com/cas/login...
....
www.mysiteN.com -> CAS.mysiteN.com/cas/login...
and properly configuring Tomcat to redirect each call to the same CAS application.
Thank you very much
Giuseppe
Translated with www.DeepL.com/Translator (free version)
Reply all
Reply to author
Forward
0 new messages