CAS TGC cookie deletion

  • #16
    Thanks Jerome. I will start that one as a new thread. Let us now stick to the CAS TGC cookie deletion. Is there any way to remove the cookie sitting in the browser? As per my understanding, the browser must ignore an expired cookie, but it is strange to see the cookie still remains.



    • #17
      The CASTGC cookie should be destroyed. Enable DEBUG logs on org.jasig.cas on the CAS server side to investigate...



      • #18
        Hi Jerome,

        I have enabled debug in the CAS server. I can see the following entries:

        2012-12-19 00:01:44,592 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASTGC]>
        2012-12-19 00:01:44,592 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>

        2012-12-19 00:01:44,608 DEBUG [org.jasig.cas.util.HttpClient] - <Attempting to access https://APPURL/j_spring_cas_security_check>
        2012-12-19 00:01:44,725 WARN [org.jasig.cas.util.HttpClient] - <Error Sending message to url endpoint [https://APPURL/j_spring_cas_security_check]. Error is [blrkec114921d.ad.infosys.com]>
        2012-12-19 00:01:44,885 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
        2012-12-19 00:01:44,885 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
        2012-12-19 00:01:44,892 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
        2012-12-19 00:01:44,892 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
        2012-12-19 00:01:44,895 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Terminate web session C6891F3A4063E6583B1C5401DD017177.node1 in 2 seconds>
        2012-12-19 00:01:44,896 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Error getting service from flow state.>
        java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
        at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
        at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225)
        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at com.infosys.socialedge.tomcat.valves.SecureCookieValve.invoke(SecureCookieValve.java:51)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:636)
        2012-12-19 00:01:53,538 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>

        We can see the CASTGC and CASPRIVACY cookies removed, but what is the problem with this IllegalStateException? Is it because of this? What modification needs to be done to avoid this? The Spring config still remains the same as in the earlier posts.

        Any pointers?

        Thanks,
        Mckenzie



        • #19
          Hi,

          The stack trace is pretty frightening, but it's just a DEBUG log, so I would ignore it.

          We see that the cookies are destroyed, but I'm worried about the call to the https://APPURL/j_spring_cas_security_check URL: what's the response for this URL? Where does it redirect you? Isn't it a redirection to a protected URL, which triggers a round-trip to the CAS server, which will therefore re-set the CASTGC cookie?

          Best regards,
          Jérôme



          • #20
            Hi Jerome,

            We have configured the service URL as https://APPURL/j_spring_cas_security_check for ServiceProperties, and it is referred to by the casProcessingFilterEntryPoint.

            This is redirected to the CAS login page configured as the loginurl in the spring.xml.

            A strange thing I notice is with the cookies in HttpFox, which shows the call to /cas/logout as below.

            Cookie sent:

            CASTGC TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org End Of Session

            Cookie received:

            CASTGC TGT-8-nnnUWE4IytFrwJX6LZfmSHu3RF7CmBewwEJPOohCtexzRnTLAQ-cas01.example.org /cas-server-webapp-3.5.1 End Of Session

            CASTGC "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT

            CASPRIVACY "" /cas-server-webapp-3.5.1/ Thu, 01-Jan-1970 00:00:10 GMT

            There is a redirect to the /login page of CAS after this, which shows that the CASTGC cookie still exists in the browser, which ideally should not be the case. I am not sure why this redirection to the /login page happens, and I suppose this might be a cause of the issue. To trace the flow, I debugged CAS and I could see the following exception:
            java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended

            It looks like the InitialFlowSetupAction is either not setting the configured service in Flowscope or there is some problem due to the call of the /login page which interrupts the flow. Any suggestions, please?


            Regards,
            Mckenzie

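Added example, not part of the thread or of the CAS code base: a small model of browser cookie storage as specified in RFC 6265, replaying the cookie paths recorded in the HttpFox capture of post #20. The host name and ticket value are constructed placeholders; the model shows that an expired Set-Cookie only removes a stored cookie whose name, domain and path all match.

```javascript
// Browser cookie storage modelled on RFC 6265 section 5.3:
// a stored cookie is identified by name + domain + path.
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];

// Parse the "Thu, 01-Jan-1970 00:00:10 GMT" form shown in the capture.
function parseCookieDate(text) {
  const m = /(\d{2})-([A-Za-z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT/.exec(text);
  return m ? Date.UTC(+m[3], MONTHS.indexOf(m[2]), +m[1], +m[4], +m[5], +m[6]) : NaN;
}

// RFC 6265 section 5.1.4: does a request path fall under a cookie path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie; `expires` undefined means a session cookie.
  setCookie(host, { name, value, path, expires }, now = Date.now()) {
    const key = [name, host, path].join("|");
    this.store.delete(key); // only a cookie with the same identity is replaced
    const expiry = expires === undefined ? Infinity : parseCookieDate(expires);
    if (expiry > now) this.store.set(key, { name, value, host, path });
  }

  cookiesFor(host, requestPath) {
    return [...this.store.values()]
      .filter((c) => c.host === host && pathMatch(requestPath, c.path));
  }
}

const HOST = "cas.example.test";          // constructed host name
const CTX = "/cas-server-webapp-3.5.1";   // context path from the capture
const EPOCH = "Thu, 01-Jan-1970 00:00:10 GMT";

// Names of cookies the browser would still send to /login after logout.
function cookiesSentAfterLogout(deletionPath) {
  const jar = new CookieJar();
  jar.setCookie(HOST, { name: "CASTGC", value: "TGT-constructed", path: CTX });
  jar.setCookie(HOST, { name: "CASTGC", value: "", path: deletionPath, expires: EPOCH });
  jar.setCookie(HOST, { name: "CASPRIVACY", value: "", path: deletionPath, expires: EPOCH });
  return jar.cookiesFor(HOST, CTX + "/login").map((c) => c.name);
}

console.log(cookiesSentAfterLogout(CTX + "/")); // deletion path as captured (trailing slash)
console.log(cookiesSentAfterLogout(CTX));       // deletion path equal to the stored path
```

When comparing a capture like this one, check the Path and Domain of the cookie as stored against those of the expiring Set-Cookie, not just the cookie name.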