Dear all,

I am reaching out regarding the use of CAS 6.6.8 for serving SAML2 
requests. Currently, we are in the process of migrating our Google 
integration from the deprecated Google-native integration to standard SAML2 
endpoints. To provide some context, the deprecated module was designed to 
directly reply within the /cas/login endpoint without performing a 
redirect. This approach deviates from the regular protocol integration, 
which follows the bridge pattern as described in the following 
documentation: 
https://apereo.github.io/cas/6.6.x/protocol/Protocol-Overview.html#the-bridge.

During our migration, we have encountered what appears to be a general bug 
in the SAML2 endpoints. We have observed that this endpoint saves the 
SAMLauthn (SAML authentication) in the user session prior to redirection to 
the login. Upon user login, the user is redirected to the SAML Callback 
endpoint, which retrieves the SAMLauthn request from the session and 
generates the SAMLresponse/assertion.

While this process works smoothly when the user completes the flow 
sequentially, we have encountered an issue when the user opens another 
SSO-integrated application in a separate browser tab before logging in. In 
this scenario, the controller overrides the SAMLauthn from the first tab 
with the SAMLauthn from the second tab. Consequently, when the user logs in 
on one of the tabs, it works correctly in the second tab but results in an 
error in the first tab.

I wanted to inquire if anyone else has experienced this issue and, if so, 
how you resolved or worked around it. Any insights or suggestions would be 
greatly appreciated.

Thank you for your attention.

Best regards,
Miguel
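
The two-tab overwrite described in the message above, modelled as an added example that is not part of the original message and is not CAS code. It contrasts a single session attribute with storage keyed by AuthnRequest ID; every class, function and attribute name and both sample requests are hypothetical and constructed for illustration.

```python
# Constructed model of the behaviour described in the message; not CAS code.
# All names (SingleSlotStore, KeyedStore, "saml_authn_request") are hypothetical.

class SingleSlotStore:
    """One session attribute holds the pending AuthnRequest (the reported behaviour)."""
    def __init__(self):
        self.session = {}

    def begin(self, authn_request):
        # A second tab's request silently replaces the first one.
        self.session["saml_authn_request"] = authn_request
        return None  # nothing tab-specific is carried through the login redirect

    def callback(self, _handle=None):
        return self.session.pop("saml_authn_request", None)


class KeyedStore:
    """Pending requests are kept per AuthnRequest ID; the ID travels with the redirect."""
    def __init__(self):
        self.session = {}

    def begin(self, authn_request):
        pending = self.session.setdefault("saml_authn_requests", {})
        pending[authn_request["id"]] = authn_request
        return authn_request["id"]  # handle returned to this tab only

    def callback(self, handle):
        # Unknown or already-used handles yield None, so a request is consumed once.
        return self.session.get("saml_authn_requests", {}).pop(handle, None)


def two_tab_flow(store):
    """Tab 1 and tab 2 each start SSO before login; then both hit the callback."""
    tab1 = {"id": "_req-tab1", "issuer": "https://sp-one.example/saml"}  # constructed
    tab2 = {"id": "_req-tab2", "issuer": "https://sp-two.example/saml"}  # constructed
    h1 = store.begin(tab1)
    h2 = store.begin(tab2)
    # The user logs in once; each tab then returns to the callback endpoint.
    r2 = store.callback(h2)
    r1 = store.callback(h1)
    return (r1 and r1["issuer"], r2 and r2["issuer"])


if __name__ == "__main__":
    print("single slot:", two_tab_flow(SingleSlotStore()))
    print("keyed by ID:", two_tab_flow(KeyedStore()))
```

In the keyed variant the handle only resolves inside the session that stored it and is removed on first use, so a callback cannot pick up another tab's request or reuse one already answered.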
