SOGo | BTS

View Issue Details
ID: 0004468
Project: SOGo
Category: GUI
View Status: public
Date Submitted: 2018-05-16 11:13
Last Update: 2019-01-16 02:55
Reporter: vbonamy
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Platform: [Server] Linux
OS: CentOS Linux
OS Version: 7.4
Product Version: 3.2.10
Target Version:
Fixed in Version:
Summary: 0004468: CAS Authentication - CAS Session expiration handling with SOGo V3 - CORS
Description: Troubles with SOGo handling of the CAS Session expiration.

Adding some configurations on CAS server to handle Cross-origin resource sharing (CORS) allows us to have a better behavior, but that's not perfect yet.

See below.
Steps To Reproduce: Use a SOGo v3 with a CAS Authentication.
You authenticate on SOGo Web UI (via CAS login).
You click on a mail, all is ok.
Now, log out of the CAS directly via another tab of your browser: https://cas.my-univ.fr/logout
Wait or click on another mail in the SOGo Web UI.

-> an infinite loop of HTTP AJAX requests occurs (on CAS and SOGo) ... and the browser doesn't detect it!

In the console of your browser you can see logs scrolling like this:
"""
Failed to load https://cas.my-univ.fr/login?service=https%3A%2F%2Fsogo.my-univ.fr%2FSOGo%2Fso%2Findex: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://sogo.my-univ.fr' is therefore not allowed access.
"""
-> to handle CORS, we add on the HTTPD of the CAS server configurations like this:
SetEnvIf Origin "https://sogo.my-univ.fr" FROM_SOGO
Header add Access-Control-Allow-Origin "https://sogo.my-univ.fr" env=FROM_SOGO
Header add Access-Control-Allow-Headers "Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Headers,Access-Control-Request-Method,Connection,Host,Origin,User-Agent,Content-Type" env=FROM_SOGO

With this, it works better - no more infinite loop, and the CAS login form is displayed to the user ... but after logging in, regularly, you are not redirected to a SOGo web HTML page but to a SOGo web JS page like https://sogo.my-univ.fr/SOGo/so/toto/Mail/0/folderINBOX/expunge . This page displays things like:
{"quotas": {"maxQuota": "10731520", "usedSpace": "3865663"}} in the browser of the user :-(
Tags: No tags attached.
Attached Files:

Notes
(0013117)
vbonamy (reporter)
2018-10-18 02:42

Same problem with SOGo v4 (I just tested with 4.0.3).

The workaround of handling CORS on the CAS server does not work very well ... and can actually cause an infinite loop on the CAS server, so I removed the httpd configurations for this on the CAS server.

Because of this problem, we continue to use SOGo in version 2 here.
(0013122)
vbonamy (reporter)
2018-10-22 09:26

To avoid the infinite loop I added this JavaScript (thanks to SOGoUIAdditionalJSFiles):

document.addEventListener("DOMContentLoaded", function() {

  // Hack for https://sogo.nu/bugs/view.php?id=4468
  var observer = new MutationObserver(function (mutations, me) {
    // console.log(mutations);
    try {
      // The first added node has a src ending with '/recover':
      // leave the page and reload from the site root
      if (mutations[0].addedNodes[0].src.endsWith('/recover')) {
        window.location = '/';
        me.disconnect(); // stop observing
      }
    } catch (e) {} // no added node, or the node has no src: ignore
  });

  // start observing direct children of <body>
  observer.observe(document.body, {
    childList: true
  });

});
(0013260)
wix (reporter)
2019-01-16 02:53
edited on: 2019-01-16 02:55

Hello,

I have the same issue with SOGo 4.0.5.

For me this problem is not only related to the logout of the CAS, but also occurs randomly.

I fix it with this rule on my proxypass:
ProxyPassMatch "^/SOGo/so/(.*)/recover" "!"
RedirectMatch "^/SOGo/so/(.*)/recover(.*)" "https://webmail.domain.fr/SOGo/"

But I think it's not a good solution.

Thank you for checking. This problem has existed since 2011 ( https://lists.inverse.ca/sogo/arc/users/2011-07/msg00058.html )

William
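
The two symptoms in this thread (AJAX calls following the CAS redirect in a loop, and the user landing on a JSON endpoint after login) can both be handled on the client. The sketch below is an added example, not SOGo's code and not from the reporters: it stops following redirects inside AJAX calls, performs a single top-level navigation to CAS, and uses the HTML entry page as the CAS `service`. `APP_HOME`, `CAS_LOGIN` and the function names are hypothetical, and it assumes the data endpoints never legitimately return `text/html`.

```javascript
// Added example. APP_HOME, CAS_LOGIN and all function names are hypothetical.
const APP_HOME = 'https://sogo.my-univ.fr/SOGo/'; // HTML entry page (assumed)
const CAS_LOGIN = 'https://cas.my-univ.fr/login';

// Build the CAS login URL with the HTML entry page as `service`, so the user
// never lands on a JSON endpoint after authenticating.
function casLoginUrl(casLogin = CAS_LOGIN, appHome = APP_HOME) {
  const url = new URL(casLogin);
  url.searchParams.set('service', appHome);
  return url.toString();
}

// Decide whether an AJAX response means "session gone" rather than data.
function isSessionLost(resp) {
  if (resp.type === 'opaqueredirect') return true; // 3xx seen with redirect: 'manual'
  if (resp.status === 401) return true;
  const ctype = (resp.headers.get('content-type') || '').toLowerCase();
  return resp.ok && ctype.includes('text/html'); // login form where data was expected
}

// Wrap fetch: on session loss, navigate the top-level window exactly once and
// refuse further calls, so pending and later requests cannot loop.
function createSessionAwareFetch(fetchImpl, navigate) {
  let navigating = false;
  return async function apiFetch(url, options = {}) {
    if (navigating) throw new Error('session expired, login navigation pending');
    const resp = await fetchImpl(url, { ...options, redirect: 'manual' });
    if (isSessionLost(resp)) {
      if (!navigating) { navigating = true; navigate(casLoginUrl()); }
      throw new Error('session expired');
    }
    return resp;
  };
}

// In a browser: const apiFetch = createSessionAwareFetch(
//   window.fetch.bind(window), (u) => window.location.assign(u));
```

Because the redirect to CAS happens as a normal page navigation and not inside an XHR, no CORS headers are needed on the CAS server for this flow.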


- Issue History
Date Modified Username Field Change
2018-05-16 11:13 vbonamy New Issue
2018-10-18 02:42 vbonamy Note Added: 0013117
2018-10-22 09:26 vbonamy Note Added: 0013122
2019-01-16 02:53 wix Note Added: 0013260
2019-01-16 02:55 wix Note Edited: 0013260

