No conversation state found
Marvin Addison
marvin.addison at gmail.com
Wed Dec 16 07:09:23 EST 2015
>
> >Why isn't this error trapped and managed by a pretty error page?
>
> It's a plain servlet and not MVC, so it's outside the reach of the error
> handling in the IdP, and I didn't consider the possible ways it might get
> invoked when it shouldn't be.
>
We identified this issue (not exactly but similar) in testing and found a
pretty straightforward workaround: defining a custom 500 error page in
web.xml. It's a trivial fix we should consider.
>I think this is a common error condition our users will see, but please
> >correct me if I'm wrong!
>
> Not if CAS didn't permit bookmarking, which no SSO should ever allow IMHO .
I think the protocol lends itself to bookmarking, but it's certainly not a
feature that is documented or supported formally. That said it shouldn't
puke a stack trace.
> But of course it's not beyond the possible for somebody to still
> explicitly go to that location, so it's a bug.
I'm fairly certain you're getting this behavior because your bookmark
includes a Webflow state identifier in the URL; the conversation=e1s1 bit.
That's presumably an artifact of the Jasig CAS server that also uses
Webflow for processing at the /login URI, but it's confusing the IdP.
M <users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151216/48ca70a3/attachment-0001.html>
More information about the users
mailing list