Potential Login Issue When Service Ticket is in URL (and CAS Authentication is Initiated Outside of Joomla) #38

Open
orware opened this issue Mar 22, 2017 · 2 comments


@orware

orware commented Mar 22, 2017

As I've been using the newest versions of the plugin to do my CAS Testing the past couple of weeks a particular situation has come up a few times that I've observed and at the moment I'm not sure if it's a bug or not, but at the moment it feels like one (and I've been able to verify it occurring with our commercial CAS server and the custom one I've been building in PHP). Below are the details I've been able to gather (I'll take a closer look at the code to see if I can identify any clues leading to the issue after I finish this writeup).

Scenario 1 (User-initiated login from Joomla External Login Module):
If I go directly to my test Joomla site as normal (e.g. "http://localhost/intranet"), then hit the CAS Login button, I'm redirected to our CAS Server, I log in, and I get redirected back to the Joomla site with everything validated and I get logged in without any problem.

Scenario 2 (CAS Auth Initiated Outside of Joomla)
If instead of initiating the CAS login from the Joomla site, I simply put in the URL to the CAS Server and provide the Joomla site URL as the value for the service like this:

https://cas.example.com/cas/login?service=http%3A%2F%2Flocalhost%2Fintranet%2F&gateway=true

After successfully authenticating, it doesn't log me in properly to Joomla upon redirect; instead it appears to get confused and I can visibly see some issues in the address bar because it ends up showing two tickets there like this:

http://localhost/intranet/?&ticket=ST-5daf489e55234da88af1a4df27289976&ticket=ST-e1a2f109d8da471aa8995a39a93a3550

At this point, if I hit the Login button from the External Login module, it will simply keep on redirecting back to the Joomla site with additional tickets appended to the URL.

From what I've been able to gather so far, the External Login Module initiates a request over to the External Login component so perhaps it is kicking off the SSO process in some way there in the normal Scenario 1, whereas that same process isn't being set up in Scenario 2.
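
The duplicated `ticket` parameters from Scenario 2, as an added illustration (not code from the External Login plugin, and not a confirmed fix for this issue). It assumes the loop comes from the current URL, ticket included, being reused as the `service` value; the helpers `splitServiceAndTickets()` and `casLoginUrl()` are hypothetical names that strip every `ticket` parameter before the next redirect to CAS is built.

```php
<?php
// Added illustration; not part of the External Login plugin.

/**
 * Split a callback URL into the CAS service URL (every "ticket"
 * parameter removed) and the tickets found, in order of appearance.
 */
function splitServiceAndTickets(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Not an absolute URL');
    }

    $tickets = [];
    $kept = [];
    // Split by hand: parse_str() would collapse repeated "ticket" keys.
    foreach (explode('&', $parts['query'] ?? '') as $pair) {
        if ($pair === '') {
            continue; // drops the empty pair left by "?&ticket=..."
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        if (urldecode($name) === 'ticket') {
            $tickets[] = urldecode($value);
        } else {
            $kept[] = $pair; // other parameters keep their original encoding
        }
    }

    $service = $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '')
        . ($parts['path'] ?? '')
        . ($kept ? '?' . implode('&', $kept) : '');

    return ['service' => $service, 'tickets' => $tickets];
}

/** Build the CAS login redirect for an already ticket-free service URL. */
function casLoginUrl(string $casBase, string $service): string
{
    return rtrim($casBase, '/') . '/login?service=' . rawurlencode($service);
}

// URL copied from the report above; the CAS base is the report's example host.
$seen = 'http://localhost/intranet/?&ticket=ST-5daf489e55234da88af1a4df27289976'
      . '&ticket=ST-e1a2f109d8da471aa8995a39a93a3550';
$r = splitServiceAndTickets($seen);

// A service ticket is single-use, so more than one in a URL is an anomaly.
printf("service: %s\ntickets: %d\n", $r['service'], count($r['tickets']));
echo casLoginUrl('https://cas.example.com/cas', $r['service']), "\n";
```

CAS validation compares the `service` sent with the ticket against the one used at login, so the same ticket-free value has to be used in both places.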

@gregkoron

I have noticed the same problems with Joomla 3.8.1. Do you have any solution?
Thank you in advance!

@chdemko
Owner

chdemko commented Aug 29, 2018

Currently, I have no solution since Joomla! must be aware of the CAS server used. But you can propose a PR if you want.
