Skip to content

bug: unable to login if authentication is delegated to another CAS serverΒ #6833

New issue
New issue
Open
Open
bug: unable to login if authentication is delegated to another CAS server#6833
Labels
πŸ› bug
@floriannari

Description

@floriannari
floriannari
opened on Dec 3, 2025

Describe the Bug

In our authentication system, we have 2 CAS servers (one for first-factor authentication, the other for MFA).
When the first factor is validated, CAS redirects to the CAS server dedicated to the second factor (with the ticket of the first CAS server in the URL), the Rocket.Chat application considers the authentication successful and avoids validating the MFA.

Rocket.Chat.ReactNative/app/views/AuthenticationWebView.tsx

Line 109 in 788cb8d

if (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken) {

Video.mov

Steps to Reproduce

  1. Select a Rocket.Chat server whose CAS server delegates to another CAS server
  2. Validate the first authentication
    It is not possible to validate the second factor.

Expected Behavior

The Rocket.Chat mobile application should only close the AuthenticationWebView once you've arrived at the requested service.

Actual Behavior

The Rocket.Chat mobile application closes the AuthenticationWebView when a CAS ticket is found in the URL

Rocket.Chat.ReactNative/app/views/AuthenticationWebView.tsx

Line 109 in 788cb8d

if (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken) {

Rocket.Chat Server Version

7.1.0

Rocket.Chat App Version

4.67.0.107747

Device Name

Apple iPad 9

OS Version

iPadOS 18.7.2

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    πŸ› bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions