Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mama-cas asks for authentication (prompts for username and password) for each service #11

Closed
tgpatel opened this issue Sep 27, 2014 · 4 comments
Closed

mama-cas asks for authentication (prompts for username and password) for each service #11

tgpatel opened this issue Sep 27, 2014 · 4 comments

Comments

@tgpatel
Copy link

tgpatel commented Sep 27, 2014

Hey,

I am using mama-cas library for one of my course project. I have two services (Django applications) relying on mama-cas as SSO. I have everything setup and these 3 servers (CAS Server, Service 1 and Service 2) are running on separate servers. Lets say they are running at:
CAS Server - cas_server.domain.com
Service 1 - service1.domain.com
Service 2 - serivce2.domain.com

Now Once I'm logged in to CAS Server I should be able to access Service 1 and Service 2 seamlessly without being redirected to CAS Server and being prompted for username/password but it doesn't happen and It prompts me for username/password for each service. Am I missing any configuration here or mama-cas doesn't support this yet?
@tgpatel tgpatel closed this as completed Sep 27, 2014
@tgpatel
Copy link
Author

tgpatel commented Sep 27, 2014

sorry for the trouble but the issue wasn't related to mama-cas.

@tgpatel
Copy link
Author

tgpatel commented Sep 28, 2014

Reopening the issue as the issue still persists.

I observed that once service 1 redirects to CAS server. The CAS server prompts for username/password if user is not logged into CAS server. But once the user returns to Service 1 and the Service 1 validates the ticket by calling the proxyValidate somehow the user gets logged out on CAS Server and hence when the user try to access Service 2 user is prompted for username/password. I think this is not the intended outcome. Please let me know if this not the bug or you require more clarification

@tgpatel tgpatel reopened this Sep 28, 2014
@jbittel
Copy link
Owner

jbittel commented Sep 29, 2014

You're correct, that should not be the intended outcome. Service 2 should not prompt again for credentials once logged in. However, I'm not sure what would cause the user to be logged out.

If you enable debug logging on MamaCAS, what does it log during that sequence of events? That might help reveal if this is an issue at the CAS level. Also, check what is happening to the Django session itself. Is there an active session after logging into service 1? Is it still active when accessing service 2? Is the Django sessionid cookie present in the browser during the entire process?

It might also be useful to know what CAS clients you're using for the two services.

@tgpatel
Copy link
Author

tgpatel commented Oct 1, 2014

jbittel thanks for your time and pointing me how to debug. As per your suggestions I enabled the debugging and observed nothing was wrong on mama-cas side. Well then I looked at the sessionid cookie present in the browser as per your suggestion and I saw that the sessionid was getting override. so the root of the problem was me running all 3 on same domain and different ports. Hence the sessionId was getting override.
Thanks for your time and input. Marking the issue as resolved.

@tgpatel tgpatel closed this as completed Oct 1, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbittel @tgpatel