View Issue Details

ID: 0003884
Project: SOGo
Category: Web Address Book
View Status: public
Last Update: 2016-12-08 19:38
Reporter: ad
Assigned To: ludovic
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: suspended
Platform: [Server] Linux
OS: RHEL/CentOS
OS Version: 7
Product Version: 3.2.1
Fixed in Version: 3.2.4
Summary: 0003884: CAS authentication does not work with XHR requests

Description

CAS authentication does not work with XHR requests. When a user clicks e.g. the address book and his/her session is expired, the request to SOGo is redirected to the CAS server and does not return to SOGo even if the CAS session is still alive.

Steps To Reproduce
  1. CAS auth
  2. Go to Address book
  3. Wait until the session expires (or delete SOGo cookies)
  4. Click one of the Global Addressbooks
  5. XHR request is redirected to CAS server

Additional Information

The browser sends the following requests:
GET https://example.com/SOGo/so/user/Contacts/group/view?asc=1&partial=1&search=name_or_address&sort=c_cn&value= (302 redirect to CAS server)
GET https://sso.example.com/cas/login (200 - request is not redirected back to SOGo)

Tags: authentication, cas

Activities

ckreutzer

2016-11-09 20:25

reporter   ~0010825

I can reproduce this when using SAML authentication, also in the Mail module.

The problem also exists for requests that were originally POST requests. Request schema is as stated by ad above.

ludovic

2016-12-06 21:22

administrator   ~0010956

Try with 3.2.4.

ckreutzer

2016-12-07 09:36

reporter   ~0010957

I tested using 3.2.4.20161207-1.

At least with SAML authentication, I see the same behaviour as before:
GET https://example.com/SOGo/so/ckreutzer@example.com/Mail/0/folderINBOX/2338/view (302 Redirect to IdP)
(I noticed the set-cookie: saml2-location header, is that one new?)
GET https://example.com/sso/saml2/idp/SSOService.php?SAMLRequest=... (200)

But I've seen now that SimpleSAMLphp is returning HTML there, which should trigger the browser to POST-submit the SAMLResponse (to /SOGo/saml2-signon-post). But since the JavaScript submit isn't/can't be done, it is just doing nothing...

Maybe it would be working with the HTTP-Artifact Binding, I'll try this asap, but I'm currently short on time.

ad

2016-12-07 18:59

reporter   ~0010960

The issue is fixed in SOGo 3.2.4.

ludovic

2016-12-07 19:32

administrator   ~0010961

It's unclear if it's fixed or not - if not, provide more evidence.
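
The redirect chains reported in this issue can be recognised on the client from the XHR's final URL. The following is an added example, not part of the thread and not SOGo's code; the function names and the recovery choice (a top-level navigation) are assumptions, and the URLs are the ones quoted in the notes above. It treats any final URL outside `/SOGo/` as an SSO redirect, so it covers both the cross-origin CAS case and the same-origin SAML IdP case.

```javascript
// Added example, not SOGo code. APP_BASE and the sample URLs come from the
// requests quoted in this issue; all function names are hypothetical.
const APP_BASE = new URL('https://example.com/SOGo/');

// True when `url` is same-origin with the application and under its base path.
function insideApp(url, base = APP_BASE) {
  let u;
  try { u = new URL(url); } catch (e) { return false; }
  return u.origin === base.origin && u.pathname.startsWith(base.pathname);
}

// Classify a completed XHR using two fields XMLHttpRequest exposes:
// `status` and `responseURL` (the final URL after redirects were followed).
function classifyXhr({ requestUrl, status, responseURL }) {
  if (!insideApp(requestUrl)) return 'not-app-request';
  // Status 0 covers network failures and redirects the browser refused to
  // expose to script; the two cannot be told apart from here.
  if (status === 0 || !responseURL) return 'blocked-or-network-error';
  // Final URL left the application: the body is the SSO page, not app data.
  if (!insideApp(responseURL)) return 'redirected-to-sso';
  if (status === 401) return 'unauthenticated';
  return 'ok';
}

// Map the classification to what the page should do next. A top-level
// navigation lets the browser complete the SSO round trip (including an
// auto-submitted SAML POST form), which HTML delivered to an XHR never runs.
function nextAction(xhrResult, currentPageUrl) {
  switch (classifyXhr(xhrResult)) {
    case 'redirected-to-sso':
    case 'unauthenticated':
      return { action: 'top-level-navigation', url: currentPageUrl };
    case 'blocked-or-network-error':
      return { action: 'retry-or-report' };
    case 'not-app-request':
      return { action: 'ignore' };
    default:
      return { action: 'use-response' };
  }
}

// Constructed samples modelled on the two request chains in this thread.
const casSample = {
  requestUrl: 'https://example.com/SOGo/so/user/Contacts/group/view?asc=1&partial=1&search=name_or_address&sort=c_cn&value=',
  status: 200, responseURL: 'https://sso.example.com/cas/login' };
const samlSample = {
  requestUrl: 'https://example.com/SOGo/so/ckreutzer@example.com/Mail/0/folderINBOX/2338/view',
  status: 200, responseURL: 'https://example.com/sso/saml2/idp/SSOService.php?SAMLRequest=...' };
console.log(classifyXhr(casSample), classifyXhr(samlSample));
```
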

Issue History

Date Modified Username Field Change
2016-11-08 18:54 ad New Issue
2016-11-09 20:25 ckreutzer Note Added: 0010825
2016-11-16 16:47 ad Tag Attached: cas
2016-11-17 07:14 ckreutzer Tag Attached: authentication
2016-12-06 21:22 ludovic Note Added: 0010956
2016-12-07 09:36 ckreutzer Note Added: 0010957
2016-12-07 18:59 ad Note Added: 0010960
2016-12-07 19:32 ludovic Note Added: 0010961
2016-12-07 19:32 ludovic Status new => closed
2016-12-07 19:32 ludovic Assigned To => ludovic
2016-12-07 19:32 ludovic Resolution open => suspended
2016-12-07 19:32 ludovic Fixed in Version => 3.2.4