Same problem with SOGo v4 (I just tested with 4.0.3).

The workaround about handle cors on cas server does not work very well ... and can actually cause an infinite loop ont the cas server, so I remove httpd configurations about this on the cas server.

Because of this problem, we continue to use SOGo in version 2 here.

To avoid infinite loop I added this JavaScript (thanks to SOGoUIAdditionalJSFiles) :

document.addEventListener("DOMContentLoaded", function() {

// Hack for https://sogo.nu/bugs/view.php?id=4468
var observer = new MutationObserver(function (mutations, me) {
// console.log(mutations);
try {
if(mutations[0].addedNodes[0].src.endsWith('/recover')) {
window.location = '/';
me.disconnect(); // stop observing
}
} catch(e) {}
});

// start observing
observer.observe(document.body, {
childList: true
});

});

Hello,

I have the same issue with SOGo 4.0.5

For me this problem is not only related to the logout of the CAS, but also randomly

I fix with this rule on my proxypass :
ProxyPassMatch "^/SOGo/so/(.)/recover" "!"
RedirectMatch "^/SOGo/so/(.)/recover(.*)" "https://webmail.domain.fr/SOGo/"

But I think it's not a good solution

Thank you to check. This problem has existed since 2011 ( https://lists.inverse.ca/sogo/arc/users/2011-07/msg00058.html )

William

If one of you can provide me a temporary account on their system, I could more easily reproduce and fix the problem. Thanks. Contact me in private.

I have a ticket open on inverse.ca/mantis/
I will give via this tracker access as soon as it is ready (the test area is not related to production)

Thanks

Please try the next nightly build and let me know if it fixes the problem. Make sure to empty your browser's cache.

Thank you.

Our testing sogo v4 contains this modification (== https://github.com/inverse-inc/sogo/tree/master ) now.

I had to handle CORS on CAS Server :
SetEnvIf Origin "https://sogo-rwd.univ-rouen.fr" FROM_SOGO_RWD
Header add Access-Control-Allow-Origin "https://sogo-rwd.univ-rouen.fr" env=FROM_SOGO_RWD
Header add Access-Control-Allow-Headers "Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Headers,Access-Control-Request-Method,Connection,Host,Origin,User-Agent,Content-Type" env=FROMSOGO\
RWD

And with that, there is no infinite redirections loop after CAS logout : if you don't handle CORS on CAS with http headers, there is an infinite loop yet because that getting cas url from ajax call failed [js exception] and so I think $window.attempted is never set to true.

Problem is after reauthentication, the page that is displayed can be sometimes javascript page with quota as json (expunge url).

I send you video by mail.

Thank you.
Vincent.

Salut Vincent,

Le dernier commit à corrigé le problème pour ma part (sogo-4.0.5.20190201)
De ce que m'a expliquer Francis via le support payant, c'est qu'il n'y a pas besoin de gérer les CORS, l'application s'en occupe dans le code.

William