Agreed. This does not just affect Gmail on Android, but also common applications such as GlobalProtect VPN clients and I'm sure other commonly used software. I do appreciate the pull request and we will likely be using the solution Mark posted.
On Wed, Apr 2, 2025 at 4:50 AM David Gelhar <david.gel...@gmail.com> wrote: > Hi Mark, > > Thank you for posting that pull request. We have encountered similar > problems since upgrading to CAS7 so your analysis (and workaround) is going > to prove very helpful. > > The attitude of the CAS project around this issue is frankly > incomprehensible. They have introduced a change that completely breaks > authentication for a very significant user population (Gmail on an Andoid > device is not exactly a "edge case"), and then declined to accept a fix > because it would be "not worth maintaining". > > Thanks, > > David > > On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote: > >> Hi Jonathan, >> >> Unfortunately, that was a mistake on my part—a fix isn’t in the mentioned >> file. >> >> I did submit a pull request for a fix here, but it was rejected because >> it changed the core functionality of CAS, and the project doesn’t want to >> maintain that, which is fair enough: >> https://github.com/apereo/cas/pull/6305 >> >> Going forward, we’re managing our own version of the file. Given that, >> I’ve simplified it by solely relying on sessionStorage. >> >> Cheers, >> Mark >> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote: >> >>> Hi Mark, >>> >>> We are running into this same issue. Would you mind pointing me to what >>> in the master branch version resolved this issue for you? We are seeing >>> the issue with 7.1.4 currently. >>> >>> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community < >>> cas-...@apereo.org> wrote: >>> >>>> Thanks Ray, >>>> >>>> I was able to find the latest file on the master branch which looks >>>> like it's been fixed: >>>> >>>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js >>>> >>>> Cheers. >>>> Mark >>> >>> >>>> >>>> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote: >>>> >>>>> Mark, >>>>> >>>>> You can start with >>>>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html >>>>> <https://apereo.github.io/cas/developer/Build-Process.html> >>>>> >>>>> Ray >>>>> >>>>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community >>>>> wrote: >>>>> >>>>> Hello, >>>>> >>>>> We recently attempted to upgrade our CAS installation from 6.6 to 7.x >>>>> and encountered a blocking issue with Android’s embedded WebView >>>>> (specifically in the Gmail app). >>>>> >>>>> In CAS 7.x, the default src/main/static/js/cas.js file appears to rely >>>>> more heavily on localStorage. However, the Gmail app’s built-in WebView >>>>> which is used for registering an account does not properly support >>>>> localStorage. This leads to errors in the authentication flow, causing the >>>>> WebView browser to hang after CAS credentials are submitted. In CAS 6.6, >>>>> the code primarily used sessionStorage, and this issue never arose. >>>>> >>>>> To work around the problem, I’ve updated cas.js so that it first >>>>> checks if localStorage is available, and if not, it falls back to an >>>>> in-memory object or to sessionStorage. This resolves the problem for our >>>>> users. >>>>> >>>>> - So firstly is this a known issue, as of 7.1.3 that issue still >>>>> remains. >>>>> - If a fix is welcome, where should I submit a pull request for the >>>>> src/main/static/js/cas.js file? >>>>> >>>>> Cheers. >>>>> Mark >>>>> >>>>> >>>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+u...@apereo.org. >>>> To view this discussion visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> Jonathon Taylor (he/him) >>> Information Security Office >>> jona...@berkeley.edu >>> >> -- Jonathon Taylor (he/him) Information Security Office jonath...@berkeley.edu -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABzqDo-HEUoVYd3szx_f1XsAjWWWQwO1a3z5aq243PwX_GOO4A%40mail.gmail.com.
