SOGo | BTS

ID: 0004468
Project: SOGo
Category: GUI
View Status: public
Date Submitted: 2018-05-16 11:13
Last Update: 2018-06-05 10:37
Reporter: vbonamy
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Platform: [Server] Linux
OS: CentOS Linux
OS Version: 7.4
Product Version: 3.2.10
Target Version:
Fixed in Version:
Summary: 0004468: CAS Authentication - CAS Session expiration handling with SOGo V3 - CORS

Description:
Troubles with SOGo handling of the CAS Session expiration.

Adding some configurations on CAS server to handle Cross-origin resource sharing (CORS) allows us to have a better behavior, but that's not perfect yet.

See below.

Steps To Reproduce:
Use a SOGo v3 with a CAS Authentication.
You authenticate on SOGo Web UI (via CAS login).
You click on a mail, all is ok.
Now, log out of the CAS directly via another tab of your browser: https://cas.my-univ.fr/logout
Wait or click on another mail in the SOGo Web UI.

-> an infinite loop of HTTP AJAX requests occurs (on CAS and SOGo) ... and the browser doesn't detect it!

In the console of your browser you can see logs scrolling like this:
"""
Failed to load https://cas.my-univ.fr/login?service=https%3A%2F%2Fsogo.my-univ.fr%2FSOGo%2Fso%2Findex: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://sogo.my-univ.fr' is therefore not allowed access.
"""
-> to handle CORS, we add on the HTTPD of the CAS Server, configurations like this:
SetEnvIf Origin "https://sogo.my-univ.fr" FROM_SOGO
Header add Access-Control-Allow-Origin "https://sogo.my-univ.fr" env=FROM_SOGO
Header add Access-Control-Allow-Headers "Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Headers,Access-Control-Request-Method,Connection,Host,Origin,User-Agent,Content-Type" env=FROM_SOGO

With this, it works better - no more infinite loop, and the CAS login form is displayed to the user ... but after log in, regularly, you are not redirected to a SOGo web HTML page but to a SOGo web JS page like https://sogo.my-univ.fr/SOGo/so/toto/Mail/0/folderINBOX/expunge. This page displays things like:
{"quotas": {"maxQuota": "10731520", "usedSpace": "3865663"}} in the browser of the user :-(

Tags: No tags attached.

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-05-16 11:13 vbonamy New Issue
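
Added example, not part of the report and not SOGo's code: one way a web client can treat a redirect to the CAS login form as "session expired", cap re-authentication attempts so no request loop forms, and send the browser to CAS with an HTML page as `service` instead of the AJAX URL. The function and class names are hypothetical; the hosts and the service URL are the ones shown in the report.

```javascript
// Added example (not SOGo code). Hosts and the service URL are copied from the
// report; function and class names are hypothetical.
const CAS_LOGIN = new URL('https://cas.my-univ.fr/login');
const SOGO_ENTRY = 'https://sogo.my-univ.fr/SOGo/so/index';

// Decide what an AJAX response means for the CAS session.
// `resp` is a fetch Response (or an object with the same fields).
function classifyAjaxResponse(resp) {
  // fetch(url, {redirect: 'manual'}) surfaces any redirect as 'opaqueredirect'.
  if (resp.type === 'opaqueredirect') return 'reauthenticate';
  // Redirect was followed because the CAS server allows the origin (CORS):
  // the "response" is really the CAS login form.
  if (resp.redirected && resp.url) {
    const u = new URL(resp.url);
    if (u.origin === CAS_LOGIN.origin && u.pathname === CAS_LOGIN.pathname) {
      return 'reauthenticate';
    }
  }
  if (resp.status === 401) return 'reauthenticate';
  return resp.ok ? 'ok' : 'error';
}

// Top-level login URL whose `service` is an HTML page, never the AJAX endpoint,
// so the browser does not land on raw JSON after login.
function casLoginUrl(service = SOGO_ENTRY) {
  const u = new URL(CAS_LOGIN);
  u.searchParams.set('service', service);
  return u.href;
}

// Caps re-authentication attempts so an expired session cannot turn into an
// endless request loop. `now` is injectable for testing.
class ReauthGuard {
  constructor(maxAttempts = 2, windowMs = 60000, now = Date.now) {
    Object.assign(this, { maxAttempts, windowMs, now, attempts: [] });
  }
  next(resp) {
    const verdict = classifyAjaxResponse(resp);
    if (verdict !== 'reauthenticate') return { action: verdict };
    const t = this.now();
    this.attempts = this.attempts.filter((a) => t - a < this.windowMs);
    if (this.attempts.length >= this.maxAttempts) return { action: 'stop' };
    this.attempts.push(t);
    return { action: 'navigate', url: casLoginUrl() };
  }
}
```

On `navigate` the caller would assign the returned URL to `window.location`; on `stop` it would show an error instead of issuing further requests.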

