If a user's password is expiring soon and they are trying to access a service which uses a SAML request for authentication such as Google Apps, the SAML response is not sent back to the service.
Another end-state (and related config) is needed in login-webflow.xml that sends the user to a view containing the password warning message along with a hidden form that will POST the SAML response back to GoogleApps.
I've already fixed the issue locally and will submit a pull request shortly.
Environment
None
Activity
Show:
Misagh MoayyedJuly 15, 2014 at 7:10 AM
All Open JIRA issues are now moved to Github, and tracked under Github Issues. The migration is now complete. Please use Github issue tracking to file and track issues. JIRA issues will be closed.
I made a similar fix, but I took a different approach. Rather than adding another end state which duplicates "postResponseView", I changed "pwdWarningPostView" to a view-state. When the continue link is loaded, the webflow transitions to the "serviceCheck" decision-state just as if they hadn't gotten a warning. This also fixes because the ST isn't generated until after the warning.
Right now my changes are in a cas overlay. I'm currently moving it over to a branch on my fork of cas over on github.
It looks like this issue will be fixed in 4.0 as part of the pull request for CAS-1418, as the "showMessages" view state does the same thing.
If a user's password is expiring soon and they are trying to access a service which uses a SAML request for authentication such as Google Apps, the SAML response is not sent back to the service.
Another end-state (and related config) is needed in login-webflow.xml that sends the user to a view containing the password warning message along with a hidden form that will POST the SAML response back to GoogleApps.
I've already fixed the issue locally and will submit a pull request shortly.