Hi,

It seems you need the equivalent of "redirectAfterValidation" of 
java-cas-client Cas20ProxyReceivingTicketValidationFilter...

Are you using https://github.com/lemon-arrebol/lemon-sso-java-cas-client ?


NB: Another less standard solution could be the following on HTML page:

window.history.replaceState({}, null, location.href.replace(/[?&]ticket=[^#]*/, ''))

(which also saves an HTTP 302 but who cares...)


On 02/02/2023 11:59, m.ich.elgre wrote:
Hello

I have a problem when someone uses a URL with an old or invalid ticket to 
access the application. I think that this is a common problem but I couldn't 
find clues to solve it.

The service settings use the default:
   "responseType": "REDIRECT"

Other choices (POST, HEADER) seem not to work well for me. REDIRECT works very 
well, all is fine, there is even a single-sign-out, with only one issue.

When the browser goes back to the application after authentication, the URL 
includes the ticket: ?ticket=ST-260-FX8wq79ZjsYs...

The problem is that if this URL is reused when the ticket is outdated, the user 
gets a 401 error.

État HTTP 401 – Non authorisé
Type Rapport d'état
message Ticket 'ST-260-FX8wq79ZjsYs...' not recognized
description La requête nécessite une authentification HTTP.

This may happen for instance if a user bookmarks the URL, or goes back in his 
browser history, etc. I see this often.

The application runs under Tomcat. There is a valve that does the 
authentication and puts the principal in the session's data.

<Valve
     className="org.jasig.cas.client.tomcat.v90.Cas20CasAuthenticator"
     encoding="UTF-8"
     casServerLoginUrl="https://.../cas/login"
     casServerUrlPrefix="https://.../cas/"
     serverName="..."
  />

How can I avoid having the token in the final URL, or handle the 401 error 
so as to redirect the flow to the CAS login instead of showing the error?

Thank you.
Michael

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 
cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/886aeb8e-0c19-47c4-8dcd-59ad2bbb42dbn%40apereo.org.

--
Pascal Rigaux

Expert in application development and deployment
DSIUN-PAS (Pôle Applications et Services numériques)
Université Paris 1 Panthéon-Sorbonne  -  Centre Pierre Mendès France (PMF)
B 04 08 - 90, rue de Tolbiac -  75634 PARIS CEDEX 13 - FRANCE
Tel: 01 44 07 86 59 - 06 74 55 57 67

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/26bfec71-98dc-1c83-e669-14923602a5dc%40univ-paris1.fr.
