Redirection issues from the uPortal guest login page

50 views
Skip to first unread message

Batni, Sourabh

unread,
Jul 12, 2016, 9:50:12 AM7/12/16
to uporta...@apereo.org
We are in the process of upgrading to uPortal 4.3 and have a welcome page set up with "Sign in' links to uPortal . The welcome page serves the purpose of displaying few portlets for the unauthenticated users as well as providing the link to sign onto uPortal.

The problem we are running into is when there is a warning message generated within CAS for password getting expired within the next 30 days and the user is getting shown an intermediate page with a  warning message before being redirected to the requested service. 

In this scenario, the user is getting redirected to the welcome page again though he is having an active CAS session . This can be confirmed by the fact that if the  'Sign in" link is clicked   again , the user is correctly directed to the home dashboard. 

The flow works fine  for all the other applications which are using CAS.

We are using CAS 4.0.7 and uPortal 4.3.1​

Currently, "Sign in' links on the uPortal guest layout point to the following url
https://<cas-test-server>/cas/login?service=https://<portal-dev-server>/uPortal/Login

Also, I don't face any redirect issues if I directly paste the home dashboard url listed below within the browser and sign in.
https://<cas-test-server>/cas/login?service=https://<portal-dev-server>/uPortal/f/home/normal/render.uP


Thanks

Sourabh Batni


University Of Kansas

Andrew W Petro

unread,
Jul 12, 2016, 11:13:01 AM7/12/16
to uporta...@apereo.org

Hi Sourabh,


Guess 1:


1. CAS is generating the Service Ticket before displaying the password expiry interstitial.

2. Working through the password expiry interstitial requires nonzero time.

3. At the end of that interstitial, the service ticket the user presents to uPortal has expired, such that

4. uPortal falls back on the not-logged-in experience.


Guess 2:


Goofy CAS password expiry experience configuration such that it forgets or mangles the service URL somewhere in the flow. CAS server's understanding of the service parameter associated with a service ticket must match the CAS client's understanding of this, or ticket validation will fail.


Suggestion:


The Java CAS client and uPortal CAS support has some logging in it, as does CAS server.  Crank up the logging configuration, observe success and failure, and compare logs.


Kind regards,


Andrew




From: uporta...@apereo.org <uporta...@apereo.org> on behalf of Batni, Sourabh <s757...@ku.edu>
Sent: Tuesday, July 12, 2016 8:50 AM
To: uporta...@apereo.org
Subject: [uportal-user] Redirection issues from the uPortal guest login page
 
--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uportal-user...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply all
Reply to author
Forward
0 new messages