CAS redirect after login

[jos...@gmail.com]

I have setup canvas with our CAS server and when I login to our CAS login page I do not get redirected back to the canvas dashboard. I stay in our CAS portal.

I get the following error in the canvas error log:

category: default
created at: 2013-06-13 10:49:05 -0700
url: https://www.onlinelearning.example.com/login/cas
request context id: 76b66350-b67f-0130-c997-22000ac521ab
HTTP_ACCEPT: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
HTTP_HOST: www.onlinelearning.example.com
HTTP_USER_AGENT: Java/1.6.0_32
PATH_INFO: /login/cas
QUERY_STRING: ?
REMOTE_ADDR: 2xx.x.x.4
REQUEST_METHOD: POST
REQUEST_URI: /login/cas
SERVER_NAME: www.onlinelearning.example.com
SERVER_PORT: 443
SERVER_PROTOCOL: HTTP/1.1
format: text/html
path_parameters: {}
query_parameters: {}
request_parameters: {"logoutRequest"=>"<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"LR-8786-wCllfCViARfTMaRLtXtrjMosUFYpC546WVt\" Version=\"2.0\" IssueInstant=\"2013-06-13T13:48:22Z\"><saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-17116-G54KOUbmSdbkNdQor24N-4.a1.cas.web</samlp:SessionIndex></samlp:LogoutRequest>"}

        Only get requests are allowed.

        /var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/routing/recognition_optimisation.rb:64:in `recognize_path'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/routing/route_set.rb:442:in `recognize'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/routing/route_set.rb:437:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/dispatcher.rb:87:in `dispatch'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/dispatcher.rb:121:in `_call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/dispatcher.rb:130:in `build_middleware_stack'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/query_cache.rb:29:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/query_cache.rb:29:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/query_cache.rb:9:in `cache'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/query_cache.rb:28:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.17/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in `call'
/var/lib/gems/1.8/gems/sass-3.2.1/rails/../lib/sass/plugin/rack.rb:54:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/string_coercion.rb:25:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/head.rb:9:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/methodoverride.rb:24:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/params_parser.rb:15:in `call'
/var/rails/canvas/vendor/plugins/respondus_soap_endpoint/lib/respondus_api_middleware.rb:60:in `call'
/var/rails/canvas/lib/request_context_generator.rb:34:in `call'
/var/rails/canvas/app/middleware/prevent_non_multipart_parse.rb:32:in `call'
/var/rails/canvas/app/middleware/stats_timing.rb:8:in `call'
/var/lib/gems/1.8/gems/activesupport-2.3.17/lib/active_support/core_ext/benchmark.rb:17:in `ms'
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
/var/lib/gems/1.8/gems/activesupport-2.3.17/lib/active_support/core_ext/benchmark.rb:17:in `ms'
/var/rails/canvas/app/middleware/stats_timing.rb:8:in `call'
/var/rails/canvas/app/middleware/load_account.rb:12:in `call'
/var/rails/canvas/app/middleware/sessions_timeout.rb:24:in `call'
/var/lib/gems/1.8/gems/encrypted_cookie_store-instructure-1.0.2/lib/encrypted_cookie_store.rb:32:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/failsafe.rb:26:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `synchronize'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.17/lib/action_controller/dispatcher.rb:106:in `call'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/request_handler.rb:96:in `process_request'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_request_handler.rb:516:in `accept_and_process_next_request'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_request_handler.rb:274:in `main_loop'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb:206:in `start_request_handler'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb:171:in `send'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb:171:in `handle_spawn_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/utils.rb:470:in `safe_fork'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb:166:in `handle_spawn_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:357:in `__send__'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:180:in `start'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/rack/application_spawner.rb:129:in `start'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rack_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb:132:in `lookup_or_add'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb:246:in `spawn_rack_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb:82:in `synchronize'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb:244:in `spawn_rack_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb:137:in `spawn_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/spawn_manager.rb:275:in `handle_spawn_application'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:357:in `__send__'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
/var/lib/gems/1.8/gems/passenger-3.0.19/lib/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
/var/lib/gems/1.8/gems/passenger-3.0.19/helper-scripts/passenger-spawn-server:99



Any suggestions?

Thanks

[Cody Cutrer]

This error is because your CAS server is attempting a single-sign-out with a SAML assertion, which Canvas does not support. This should be unrelated to the login process, though.

Cody Cutrer

Software Engineer

Instructure

--
 
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[jos...@gmail.com]

Thanks for the quick response.

I have very little knowledge about CAS. Is there anything that can be done on the canvas end to make this work? Or will an entirely new CAS plugin need to be made to get this to work?

Any way to figure out why I am not getting redirected to the dashboard if it is unrelated to the login process?

[Cody Cutrer]

You can file a feature request for CAS Single-Sign-Out support at http://help.instructure.com/categories/20057816-feature-request-categories. As for the login problem, if the CAS server is not redirecting back to Canvas at all after logging in, there's nothing to be done from the Canvas side. You'll need to contact support for your particular CAS server to determine why it's not redirecting back.

Cody Cutrer

Software Engineer

Instructure

--

[Christopher Bennell]

I've noticed that if a user tries to log in via CAS but that user doesn't exist in Canvas, Canvas will immediately redirect to the CAS logout page. Have you created your users in Canvas, with user IDs matching the username that CAS is passing?

[jos...@gmail.com]

It looks like that was the case. All new users I created it worked fine with.

[Maricel Medina]

Hi,

We have a delay assigning users to the classes. So they exist in Active Directory but not yet in Canvas.  When the students go to Canvas, they are presented the CAS login page, got authenticated but because they didn't exist in CANVAS (as you described below) they are redirected to the CAS logout page. This is a terrible user experience because users don't know what is going on.  Is there any way to send a message to the users rather than to show the logout page?  Txs!

On Monday, June 24, 2013 6:47:28 AM UTC-7, Christopher Bennell wrote:

[Christopher Bennell]

I agree that it would be nice if there were a customizable message presented to users in this case. 

[Ray Davis]

This is a major black-eye for us in our Canvas pilot. We've solved similar problems with other software integrations in the past, and so I posted a suggested solution here:

https://help.instructure.com/entries/22906155-Improve-handling-of-unknown-externally-authenticated-users

Any interested parties, please take a look & comment.

Thanks,

Ray