Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2017/08/11 14:01:00 UTC

[jira] [Updated] (FEDIZ-137) IDP Login Cancel does not work

     [ https://issues.apache.org/jira/browse/FEDIZ-137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated FEDIZ-137:
--------------------------------------
    Fix Version/s:     (was: 1.4.1)
                   1.4.2

> IDP Login Cancel does not work
> ------------------------------
>
>                 Key: FEDIZ-137
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-137
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>            Reporter: Sergey Beryozkin
>             Fix For: 1.4.2
>
>
> 'Cancel' does not seem to work. 
> When a user goes to a realm selection page and presses 'Cancel' there, the form does not react, though something changes in the server output, and then the 2nd Cancel results in a user being asked to enter the name and password.
> If the user selects a realm, and when asked to enter the name and password:
> - if Cancel is pressed immediately in the name/password dialog then the user sees 401 reported by Tomcat itself, with the browser staying at "https://localhost:8443/fediz-idp/federation/up"
> - If a user enters a wrong name/password first and then on a second try presses Cancel - 401 is returned by this time from Spring Security:
> "HTTP Status 401 - No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken" 
> In all the cases the user is 'locked' on the IDP endpoint with no way to return. 
> The user should be optionally redirected back to the RP, which is where the interaction with the user can be controlled better if needed in cases of Cancel, given that Cancel is a message from the user that the user wishes to leave the login process, hence 401 is not appropriate.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)