kevinoconnor7 / osTicket-auth-cas

JASIG CAS Authentication plugin for osTicket
GNU General Public License v2.0

Problems with osTicket 1.15 #28

Closed tauthement closed 3 years ago

tauthement commented 3 years ago

Hello,

I just upgraded to osTicket v1.15 and use v1.2.0 of the CAS plugin. The plugin works fine for the client side, but seems to have problems on the agent side. I can log in the first time after clearing my browser data, but subsequent attempts to go to https://url.com/scp/login.php?do=ext&bk=cas redirect me back to /scp/login.php. The same thing happens if I open an incognito tab. I've tested this on Chrome and Safari on macOS Big Sur.

Clicking on the SSO button on /scp/login.php redirects me back to the login page.

Are there any logs that I could pull for you or any other data that would help?

I did not have issues with osTicket 1.14 so it may be possible it's a problem with osTicket 1.15. However, I just wanted to start here since I know they would probably refer me here first.

Thanks, Tim

tauthement commented 3 years ago

Small update:

After I'm redirected to /scp/login.php, if I have a current CAS session and I click the logo at the top of the login box (that goes to /scp/index.php), I am redirected into the helpdesk successfully.

kevinoconnor7 commented 3 years ago

Hmm that's strange. The flow is a bit wonky but overall it should be:

  1. From scp/login.php you click the CAS login button
  2. This sends you to /scp/login.php?do=ext&bk=cas
  3. You should then get sent to your CAS instance with a return url to /api/auth/ext
  4. After login to CAS you get sent to /api/auth/ext
  5. Then over to /scp/login.php
  6. Then over to /scp/ (if successful login)

So, the question then becomes are you getting stuck at (2) or (5)? From what you describe it sounds like you're getting stuck at (5) which is a bit strange. Basically (4) was supposed to write session data which then gets read again in (5) to finally log you into osTicket.

It's not clear to me why this would only work once though, and especially why going to /scp/ directly would work from the login page (this would imply that the session data is actually there but the login page isn't reading it?).

OOC, were any other changes made apart from upgrading the plugin? PHP upgrade? Apache/nginx?

tauthement commented 3 years ago

I believe I'm actually getting stuck at (2). I'm trying to reproduce it, but sometimes it works and I successfully get redirected to the SSO login, and sometimes I just get looped back to /scp/login.php.

Here are some screencasts of it working and not working. Hopefully that helps explain it a little more. I have the dev tools open to show you the console as I'm going through the process.

No other upgrades were done. Only osTicket was upgraded from 1.14.3 to 1.15. The CAS plugin version stayed the same, as I had 1.2.0 installed on osTicket 1.14.3. PHP is v7.4.10 and Apache is v2.4.25.

kevinoconnor7 commented 3 years ago

oops sorry, I misread and thought you had upgraded the plugin and that's when issues popped up. Looks like 1.15 just came out. I'll upgrade my dev environment later today and see if I can reproduce the issue.

sevmonster commented 3 years ago

Note that 1.15 has changed some authentication gubbins with new 2FA functionality and password policies. Don't know how much of that might be affecting this process.

kevinoconnor7 commented 3 years ago

So I have no idea what happened in v1.15, but login.php no longer kicks you into the staff panel if you're already logged in. I updated the plugin to redirect to the scp root directory which resolves the issue though. I'll publish a new plugin release shortly.
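The six-step redirect chain laid out earlier in the thread, together with the 1.15 behaviour change just described, can be modelled as a small state machine. The following is an added example written for this page, not the plugin's PHP code: the paths are the ones named in the thread, while the CAS host `cas.example`, the constructed ticket value, the in-memory `session` dict and the two behaviour switches (`login_php_redirects_logged_in` for the 1.14-vs-1.15 login.php behaviour, `plugin_return_path` for the v1.2.0-vs-v1.2.1 plugin return target) are assumptions made to illustrate why the agent lands back on the login form and why returning to `/scp/` resolves it.

```python
"""
Model of the osTicket staff-panel (scp) CAS login redirect chain.

Added example; not the osTicket or osTicket-auth-cas code. Ticket validation
is assumed to succeed; the CAS host, ticket value and session store are
constructed stand-ins so the chain can be followed offline.
"""
from dataclasses import dataclass, field
from typing import List, Optional

MAX_HOPS = 10  # guard so a genuine redirect loop is reported, not followed forever


@dataclass
class Env:
    # Assumption: 1.14's login.php forwarded an already-authenticated agent to
    # /scp/, 1.15's renders the login form instead (the behaviour reported above).
    login_php_redirects_logged_in: bool
    # Where the plugin sends the agent once /api/auth/ext has written the session:
    # "/scp/login.php" (v1.2.0 behaviour) or "/scp/" (v1.2.1 behaviour).
    plugin_return_path: str
    session: dict = field(default_factory=dict)


def handle(path: str, env: Env) -> Optional[str]:
    """Return the next Location for `path`, or None when the page renders (chain ends)."""
    if path == "/scp/login.php?do=ext&bk=cas":
        # step 2 -> 3: hand off to CAS with the API callback as the service URL
        return "https://cas.example/login?service=/api/auth/ext"
    if path.startswith("https://cas.example/login"):
        # step 3 -> 4: CAS authenticates the user and returns a service ticket
        return "/api/auth/ext?ticket=ST-constructed"
    if path.startswith("/api/auth/ext"):
        # step 4 -> 5: plugin validates the ticket (modelled as success), writes
        # the session, then redirects to its configured return path
        env.session["staff_id"] = 1
        return env.plugin_return_path
    if path == "/scp/login.php":
        # step 5 -> 6: old login.php forwards logged-in agents; new one renders the form
        if env.session.get("staff_id") and env.login_php_redirects_logged_in:
            return "/scp/"
        return None
    if path == "/scp/":
        # staff panel: renders when a session exists, otherwise bounces to the form
        return None if env.session.get("staff_id") else "/scp/login.php"
    raise ValueError(f"unmodelled path: {path}")


def follow(env: Env, start: str = "/scp/login.php?do=ext&bk=cas") -> List[str]:
    """Follow redirects from `start`; returns every URL visited, the last one rendered."""
    visited = [start]
    while (nxt := handle(visited[-1], env)) is not None:
        if len(visited) >= MAX_HOPS:
            raise RuntimeError("redirect loop: " + " -> ".join(visited))
        visited.append(nxt)
    return visited


def landing_page(osticket_115: bool, plugin_return_path: str) -> str:
    """Where the agent ends up after clicking the CAS button, for a given combination."""
    env = Env(login_php_redirects_logged_in=not osticket_115,
              plugin_return_path=plugin_return_path)
    return follow(env)[-1]


if __name__ == "__main__":
    for ver, ret in [(False, "/scp/login.php"), (True, "/scp/login.php"), (True, "/scp/")]:
        label = "1.15" if ver else "1.14"
        print(f"osTicket {label}, plugin returns to {ret:15} -> lands on {landing_page(ver, ret)}")
```

Running the block shows the three combinations: on 1.14 the chain ends at `/scp/`, on 1.15 with the old return path it ends on `/scp/login.php` with a session already written (which is why visiting `/scp/index.php` by hand then works), and on 1.15 with the new return path it ends at `/scp/` again.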

kevinoconnor7 commented 3 years ago

Published v1.2.1.

tauthement commented 3 years ago

Thanks! I’ll test this out on my install this week.

sevmonster commented 3 years ago

I made an issue for this upstream.

sevmonster commented 3 years ago

This patch fixes the issue, so once it lands 5f1206148d0a8186f035d0ce10e558bfc8fd3b3c can be reverted. I tested the patch on v1.2.0.