From 536537dcabb29ba23578a16873522e04d89bed04 Mon Sep 17 00:00:00 2001
From: vasusadariya
Date: Fri, 26 Dec 2025 19:27:38 +0530
Subject: [PATCH 1/4] fix unable to login if authentication is delegated to another CAS server issue
---
 app/views/AuthenticationWebView.tsx | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/views/AuthenticationWebView.tsx b/app/views/AuthenticationWebView.tsx
index 74e28c92385..8a51af829cf 100644
--- a/app/views/AuthenticationWebView.tsx
+++ b/app/views/AuthenticationWebView.tsx
@@ -105,10 +105,11 @@ const AuthenticationWebView = () => {
 }
 if (authType === 'saml' || authType === 'cas') {
 const parsedUrl = parse(url, true);
- // ticket -> cas / validate & saml_idp_credentialToken -> saml
- if (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken) {
- let payload: ICredentials;
- if (authType === 'saml') {
+ // Only close the webview when redirected back to the Rocket.Chat server
+ // This prevents premature closure when CAS delegates to another CAS server for MFA
+ const isRocketChatServer = url.includes(server);
+ // ticket -> cas / validate & saml_idp_credentialToken -> saml
+ if (isRocketChatServer && (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)) {
 const token = parsedUrl.query?.saml_idp_credentialToken || ssoToken;
 const credentialToken = { credentialToken: token };
 payload = { ...credentialToken, saml: true };
From 3a6f76755437a6d128592d3994b56c41c0782a63 Mon Sep 17 00:00:00 2001
From: vasusadariya
Date: Thu, 8 Jan 2026 00:18:13 +0530
Subject: [PATCH 2/4] added all the changes suggested by floriannari
---
 app/views/AuthenticationWebView.tsx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/views/AuthenticationWebView.tsx b/app/views/AuthenticationWebView.tsx
index 8a51af829cf..010b1c5d230 100644
--- a/app/views/AuthenticationWebView.tsx
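Review bot: The new `isRocketChatServer` gate compares URLs as strings, which does not pin the redirect to the server's origin: `url.includes(server)` here is true for any URL that carries the server address anywhere in its path or query, and the `url.startsWith(server)` that replaces it in patches 2/4 to 4/4 still accepts a different host whose URL merely begins with the same characters when `server` has no trailing slash. The SAML branch below reads `saml_idp_credentialToken` from that same URL, so a loose match presumably lets a page outside the server decide when the webview closes and which token is submitted. Comparing parsed components would close this, e.g. `const parsedServer = parse(server);` followed by `const isRocketChatServer = parsedUrl.protocol === parsedServer.protocol && parsedUrl.host === parsedServer.host;`, with an added path-prefix check if a server can be installed under a sub-path. The enclosing navigation handler starts and ends outside the hunk, so how `server` is normalised is not visible here.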
+++ b/app/views/AuthenticationWebView.tsx
@@ -105,11 +105,11 @@ const AuthenticationWebView = () => {
 }
 if (authType === 'saml' || authType === 'cas') {
 const parsedUrl = parse(url, true);
- // Only close the webview when redirected back to the Rocket.Chat server
- // This prevents premature closure when CAS delegates to another CAS server for MFA
- const isRocketChatServer = url.includes(server);
- // ticket -> cas / validate & saml_idp_credentialToken -> saml
+
+ const isRocketChatServer = url.startsWith(server);
 if (isRocketChatServer && (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)) {
+ let payload;
+ if (parsedUrl.query?.saml_idp_credentialToken) {
 const token = parsedUrl.query?.saml_idp_credentialToken || ssoToken;
 const credentialToken = { credentialToken: token };
 payload = { ...credentialToken, saml: true };
From 6de0dddecc734934b36aebc8bdbc01ed7fb0b199 Mon Sep 17 00:00:00 2001
From: vasusadariya
Date: Fri, 9 Jan 2026 11:34:23 +0530
Subject: [PATCH 3/4] fix: prevent premature webview closure when CAS delegates to another server for MFA (issue #6833)
---
 app/views/AuthenticationWebView.tsx | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/views/AuthenticationWebView.tsx b/app/views/AuthenticationWebView.tsx
index 010b1c5d230..af8619755bf 100644
--- a/app/views/AuthenticationWebView.tsx
+++ b/app/views/AuthenticationWebView.tsx
@@ -105,11 +105,13 @@ const AuthenticationWebView = () => {
 }
 if (authType === 'saml' || authType === 'cas') {
 const parsedUrl = parse(url, true);
-
- const isRocketChatServer = url.startsWith(server);
- if (isRocketChatServer && (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)) {
- let payload;
- if (parsedUrl.query?.saml_idp_credentialToken) {
+ // Only close the webview when redirected back to the Rocket.Chat server
+ // This prevents premature closure when CAS delegates to another CAS server for MFA
+ const isRocketChatServer = url.startsWith(server);
+ // ticket -> cas / validate & saml_idp_credentialToken -> saml
+ if (isRocketChatServer && (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)) {
+ let payload: ICredentials;
+ if (authType === 'saml') {
 const token = parsedUrl.query?.saml_idp_credentialToken || ssoToken;
 const credentialToken = { credentialToken: token };
 payload = { ...credentialToken, saml: true };
From e5d3bf87d32cfe076c641640faf5ceb15897c250 Mon Sep 17 00:00:00 2001
From: vasusadariya
Date: Thu, 19 Mar 2026 19:38:33 +0000
Subject: [PATCH 4/4] chore: format code and fix lint issues
---
 app/views/AuthenticationWebView.tsx | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/views/AuthenticationWebView.tsx b/app/views/AuthenticationWebView.tsx
index af8619755bf..1828085e158 100644
--- a/app/views/AuthenticationWebView.tsx
+++ b/app/views/AuthenticationWebView.tsx
@@ -109,7 +109,10 @@ const AuthenticationWebView = () => {
 // This prevents premature closure when CAS delegates to another CAS server for MFA
 const isRocketChatServer = url.startsWith(server);
 // ticket -> cas / validate & saml_idp_credentialToken -> saml
- if (isRocketChatServer && (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)) {
+ if (
+ isRocketChatServer &&
+ (parsedUrl.pathname?.includes('validate') || parsedUrl.query?.ticket || parsedUrl.query?.saml_idp_credentialToken)
+ ) {
 let payload: ICredentials;
 if (authType === 'saml') {
 const token = parsedUrl.query?.saml_idp_credentialToken || ssoToken;