Problem with CAS 1.2.0 using Firefox

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with CAS 1.2.0 using Firefox

Andreas Sundstrom
When using the 1.2.0 CAS authentication extension firefox will not
redirect to the CAS login page.
I can see in the FF console output that it is unable to load the app.js
script.
What I have found is that when using the 1.2.0 CAS extension there is an
error when downloading app.js
This can be seen in at least Firefox, wget and curl. Curl verbose output
is included below.

The whole file is actually downloaded, but I guess the transfer error
causes FF not to load the script.
I have not been able to relate this to any errors in the log (even with
trace log level).
This setup is running on "Debian GNU/Linux 10 (buster)" in Tomcat 9.0.31
and using OpenJDK RE 11.0.7+10-post-Debian-3deb10u1

When using 1.1.0 CAS extension everything works fine, so that is our
workaround at this time.
Maybe this will help someone or the developers to find the root cause.


Using guacamole-auth-cas-1.2.0.jar:

root@guacamole:/tmp# curl -s -v -O localhost:8080/guacamole/app.js
* Expire in 0 ms for 1 (transfer 0x561a292cef50)
* Expire in 0 ms for 1 (transfer 0x561a292cef50)
* Expire in 0 ms for 1 (transfer 0x561a292cef50)
*   Trying ::1...
* TCP_NODELAY set
* Expire in 149999 ms for 3 (transfer 0x561a292cef50)
* Expire in 200 ms for 4 (transfer 0x561a292cef50)
* Connected to localhost (::1) port 8080 (#0)
> GET /guacamole/app.js HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200
< Last-Modified: Thu, 02 Jul 2020 07:13:25 GMT
< Content-Type: application/javascript
< Transfer-Encoding: chunked
< Date: Thu, 02 Jul 2020 07:14:12 GMT
<
{ [8026 bytes data]
* transfer closed with outstanding read data remaining
* Closing connection 0
root@guacamole:/tmp#


Using guacamole-auth-cas-1.1.0.jar:

root@guacamole:/tmp# curl -s -v -O localhost:8080/guacamole/app.js
* Expire in 0 ms for 1 (transfer 0x56151a7f0f50)
* Expire in 0 ms for 1 (transfer 0x56151a7f0f50)
* Expire in 0 ms for 1 (transfer 0x56151a7f0f50)
*   Trying ::1...
* TCP_NODELAY set
* Expire in 149999 ms for 3 (transfer 0x56151a7f0f50)
* Expire in 200 ms for 4 (transfer 0x56151a7f0f50)
* Connected to localhost (::1) port 8080 (#0)
> GET /guacamole/app.js HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200
< Last-Modified: Thu, 02 Jul 2020 07:15:52 GMT
< Content-Type: application/javascript
< Transfer-Encoding: chunked
< Date: Thu, 02 Jul 2020 07:15:57 GMT
<
{ [8026 bytes data]
* Connection #0 to host localhost left intact
root@guacamole:/tmp#


Thanks for the excellent work on Guacamole

--
Andreas Sundstrom




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with CAS 1.2.0 using Firefox

vnick
On Thu, Jul 2, 2020 at 3:38 AM Andreas Sundstrom <[hidden email]> wrote:
When using the 1.2.0 CAS authentication extension firefox will not
redirect to the CAS login page.
I can see in the FF console output that it is unable to load the app.js
script.
What I have found is that when using the 1.2.0 CAS extension there is an
error when downloading app.js
This can be seen in at least Firefox, wget and curl. Curl verbose output
is included below.


Yeah, I'm seeing the same thing, and I believe I know why.  Looks like when I made the changes to move over to a common redirect field I forgot to pull a couple of things out of the CAS module's guac-manifest.json file that are causing problems.  I'll open a bug against it and get it fixed - thanks for reporting it!

I think the changes to the CAS module in 1.2.0 were pretty minimal, so reverting to 1.1.0 shouldn't be too impactful, but we will get it fixed for the next release.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: Problem with CAS 1.2.0 using Firefox

vnick
On Thu, Jul 2, 2020 at 9:32 AM Nick Couchman <[hidden email]> wrote:
On Thu, Jul 2, 2020 at 3:38 AM Andreas Sundstrom <[hidden email]> wrote:
When using the 1.2.0 CAS authentication extension firefox will not
redirect to the CAS login page.
I can see in the FF console output that it is unable to load the app.js
script.
What I have found is that when using the 1.2.0 CAS extension there is an
error when downloading app.js
This can be seen in at least Firefox, wget and curl. Curl verbose output
is included below.


Yeah, I'm seeing the same thing, and I believe I know why.  Looks like when I made the changes to move over to a common redirect field I forgot to pull a couple of things out of the CAS module's guac-manifest.json file that are causing problems.  I'll open a bug against it and get it fixed - thanks for reporting it!

I think the changes to the CAS module in 1.2.0 were pretty minimal, so reverting to 1.1.0 shouldn't be too impactful, but we will get it fixed for the next release.


JIRA issue opened:


and pull request:


In my testing this should resolve the issue.

-Nick