View Issue Details

ID: 0005526
Project: SOGo
Category: Web General
View Status: public
Last Update: 2023-01-26 10:02
Reporter: olivluca
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: Linux
OS Version: Ubuntu 20.04 LTS
Product Version: 5.6.0
Summary: 0005526: CAS authentication fails after a while
Description

I recently set up SOGo to use CAS authentication against a lemonldap server.
It works, but after a while (5 minutes or less; it doesn't matter if I'm actively using SOGo or it's inactive), if I try to click on, e.g., a different mail folder, there's an "Unauthorized" popup.

Looking at the developer console, I see that after clicking there's a POST issued by angular.min.js; the reply is a 302 redirecting to the CAS portal.
Then there's an OPTION to that URL and a GET to the same URL, which fails with 401 and the JSON content is result:0 and error:"9".
The "funny" thing is that if I copy that URL and open it in a new tab, then SOGo works again for a while (though it creates a new session in sogo_session_folders).

The difference between both requests is that the request made by angular.min.js is missing the "lemonldap" cookie, while, if I paste the url in a different tab, the cookie is there.

I already changed the c_value field type of table sogo_session_folders to text (though I don't see the c_lastseen field changing when I click on different things in the sogo interface, I only see it change when I get the "Unauthorized" popup, maybe that's the problem?)

Steps To Reproduce
  1. set up a SOGo server to use CAS authentication.
  2. open the SOGo web interface in a browser and authenticate against the CAS server.
  3. check that everything is working correctly by reading some of your emails.
  4. wait approximately 5 minutes.
  5. click on a different mail folder or a different mail message.
  6. the "Unauthorized!" popup appears.
  7. open the developer console (F12 in Firefox) and select the network tab.
  8. try step 5 again; now you should see a GET request with status 302 redirecting to the authentication portal and the following GET request with no cookies sent to the authentication portal, a request that returns a 401.
  9. copy the URL of the last request and open it in a new tab (where you previously opened the developer console).
  10. check that this new request is sending the cookies to the authentication portal; it redirects to the original URL, which now succeeds.
Tags: No tags attached.
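
Added example (not part of the original report and not SOGo code): a check that can be run over a HAR export from the browser's network tab to confirm the sequence described above, a 302 to another origin followed by a GET to that URL that carried no cookies and got a 401. The hosts, paths, the "session" cookie name and the OPTIONS status in the sample are constructed placeholders; only the "lemonldap" cookie name comes from the report.

```python
from urllib.parse import urljoin, urlsplit

def har_entry(method, url, status, cookies=(), redirect=""):
    """Build a minimal HAR 1.2 entry (only the fields used below)."""
    return {"request": {"method": method, "url": url, "headers": [],
                        "cookies": [{"name": c, "value": "x"} for c in cookies]},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed sample, not captured traffic; hosts and paths are placeholders.
SOGO = "https://sogo.example.org/SOGo/so/user/Mail/view"
CAS = "https://auth.example.org/cas/login?service=https%3A%2F%2Fsogo.example.org%2FSOGo%2F"
SAMPLE_HAR = {"log": {"entries": [
    har_entry("POST", SOGO, 302, cookies=["session"], redirect=CAS),  # XHR from the page
    har_entry("OPTIONS", CAS, 200),
    har_entry("GET", CAS, 401),                                       # no cookies sent
    har_entry("GET", CAS, 302, cookies=["lemonldap"], redirect=SOGO), # same URL, new tab
]}}

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc)

def has_cookies(request):
    # Browsers record cookies in "cookies" and usually also as a Cookie header.
    return bool(request.get("cookies")) or any(
        h["name"].lower() == "cookie" for h in request.get("headers", []))

def cookieless_portal_failures(har):
    """Find 302 -> other-origin GET pairs where the GET had no cookies and got 401."""
    entries = har["log"]["entries"]
    findings = []
    for i, e in enumerate(entries):
        location = e["response"].get("redirectURL")
        if e["response"]["status"] != 302 or not location:
            continue
        source = e["request"]["url"]
        target = urljoin(source, location)  # Location may be relative
        if origin(target) == origin(source):
            continue  # same-origin redirect, not the hop to the portal
        # The first later GET to the redirect target is the followed redirect.
        follow = next((x for x in entries[i + 1:] if x["request"]["method"] == "GET"
                       and x["request"]["url"] == target), None)
        if follow and follow["response"]["status"] == 401 and not has_cookies(follow["request"]):
            findings.append({"from": source, "portal": target})
    return findings

if __name__ == "__main__":
    for f in cookieless_portal_failures(SAMPLE_HAR):
        print("cookie-less 401 after redirect:", f["from"], "->", f["portal"])
```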

Activities

olivluca

2023-01-26 10:02

reporter   ~0016606

I found that the above behavior happens after the number of seconds set in SOGoCacheCleanupInterval.
Setting it to a large enough value (say, 8 hours) makes SOGo usable, though I don't know what other consequences it could have.

Issue History

Date Modified Username Field Change
2022-05-27 10:29 olivluca New Issue
2022-05-27 14:19 francis Steps to Reproduce Updated
2023-01-26 10:02 olivluca Note Added: 0016606