Hello

I have a problem when someone uses a URL with an old or invalid ticket to 
access the application. I think that this is a common problem, but I 
couldn't find clues to solve it.

The service settings use the default:
  "responseType": "REDIRECT"

The other choices (POST, HEADER) don't seem to work well for me. REDIRECT works 
very well, all is fine, there is even single sign-out, with only one 
issue.

When the browser goes back to the application after authentication, the URL 
includes the ticket: ?ticket=ST-260-FX8wq79ZjsYs...

The problem is that if this URL is reused when the ticket is outdated, the 
user gets a 401 error.

État HTTP 401 – Non authorisé
Type Rapport d'état
message Ticket 'ST-260-FX8wq79ZjsYs...' not recognized
description La requête nécessite une authentification HTTP.

This may happen for instance if a user bookmarks the URL, or goes back in 
his browser history, etc. I see this often.

The application runs under Tomcat. There is a valve that does the 
authentication and puts the principal in the session's data.

<!-- CAS 2.0 authenticator valve in the Tomcat context; the stray ";" after the
     URL attributes in the original are not valid XML and have been removed.
     The "..." parts are elided host names. -->
<Valve
    className="org.jasig.cas.client.tomcat.v90.Cas20CasAuthenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://.../cas/login"
    casServerUrlPrefix="https://.../cas/"
    serverName="..."
/>

How can I avoid having the ticket in the final URL, or handle the 401 error 
so that the flow is redirected to the CAS login instead of showing the 
error?

Thank you.
Michael

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/886aeb8e-0c19-47c4-8dcd-59ad2bbb42dbn%40apereo.org.
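The behaviour described in the post (a one-time service ticket left in a bookmarkable URL, and a bare 401 when that ticket is replayed after it expired) can be illustrated with a small servlet filter. This is an added example, not code from the post or from the CAS client project. It assumes the Java Servlet API (javax.servlet), a hypothetical session attribute name "cas.principal" standing in for wherever the valve stores the principal, a hypothetical validateTicket() hook standing in for the CAS client's /serviceValidate call, and a placeholder CAS login URL taken from the valve configuration above.

```java
// Added illustration (not from the original post or the CAS client project).
// Two things it shows: (1) after a successful login, redirect once more to the
// same URL with the "ticket" parameter stripped, so bookmarks and history
// entries never carry a one-time ticket; (2) when a ticket arrives that no
// longer validates, send the browser back to CAS login with a ticket-free
// "service" URL instead of answering 401.
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public abstract class StaleTicketRedirectFilter implements Filter {
    static final String TICKET_PARAM = "ticket";
    // Hypothetical: whatever attribute the authenticating valve uses for the principal.
    static final String PRINCIPAL_ATTR = "cas.principal";
    // Placeholder value; in the post this is casServerLoginUrl="https://.../cas/login".
    private final String casLoginUrl;

    protected StaleTicketRedirectFilter(String casLoginUrl) {
        this.casLoginUrl = casLoginUrl;
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);
        String ticket = request.getParameter(TICKET_PARAM);
        String service = serviceUrl(request);
        boolean authenticated = session != null && session.getAttribute(PRINCIPAL_ATTR) != null;

        if (authenticated) {
            // Leftover ticket on an authenticated session: strip it with one redirect
            // so the URL the user sees (and may bookmark) is the clean service URL.
            if (ticket != null) {
                response.sendRedirect(service);
                return;
            }
            chain.doFilter(req, res);
            return;
        }

        if (ticket != null && !validateTicket(ticket, service)) {
            // Expired or unknown ticket (the "Ticket ... not recognized" case): start a
            // fresh login round-trip instead of surfacing a 401 to the user.
            response.sendRedirect(casLoginUrl + "?service="
                    + URLEncoder.encode(service, StandardCharsets.UTF_8));
            return;
        }
        chain.doFilter(req, res);
    }

    /** Request URL with every "ticket=..." query parameter removed; this is the CAS
     *  "service" value and the URL that is safe to bookmark. */
    static String serviceUrl(HttpServletRequest request) {
        StringBuilder url = new StringBuilder(request.getRequestURL());
        String query = request.getQueryString();
        if (query != null) {
            StringBuilder kept = new StringBuilder();
            for (String pair : query.split("&")) {
                if (pair.isEmpty() || pair.startsWith(TICKET_PARAM + "=")) {
                    continue;
                }
                kept.append(kept.length() == 0 ? "?" : "&").append(pair);
            }
            url.append(kept);
        }
        return url.toString();
    }

    /** Hypothetical hook: the real CAS client validates the ticket against the
     *  server's /serviceValidate endpoint and populates the session on success. */
    protected abstract boolean validateTicket(String ticket, String service);
}
```

One caveat for the setup in the post: a Tomcat valve runs in the container pipeline before any of the web application's servlet filters, so a filter like this only sees requests the valve has already let through. To apply the same logic ahead of the valve's 401, the equivalent would have to be implemented as a valve placed before the authenticator, or the application would have to use the CAS client's servlet-filter integration instead of the valve.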