Fix authn delegation behavior #4644
Codecov Report
@@ Coverage Diff @@
## master #4644 +/- ##
=========================================
Coverage 13.18% 13.18%
Complexity 2042 2042
=========================================
Files 2609 2609
Lines 53422 53422
Branches 4261 4261
=========================================
Hits 7044 7044
Misses 45979 45979
Partials 399 399
Continue to review full report at Codecov.
|
I think I may have found a problem with your patch. Could you try the following scenario: Configure CAS to act as an OAUTH server (or SAML2 IDP server). I think the patch breaks the final redirect back to the client because it gets confused on how to resolve the service url. These lines likely should be put back:
|
@mmoayyed Thanks for the feedback, I will check that today. BTW, I saw that the build has failed because of a PMD check or something for the |
@mmoayyed
In both cases, I haven't been able to reproduce your issue. In fact, the Maybe I'm missing something in my tests... |
I just saw this PR: #4643 merged. Merging this one also... |
* master: minor dependency bump doc updates break apart passwordless jpa/ldap modules More debug trace instrumentation (apereo#4658) allow audit actions to be excluded combine passwordless with mfa fix tests OAuth20TokenAuthorizationResponseBuilder returns state and nonc… (apereo#4654) Extract issuer dn from certificate as x509 attribute (apereo#4655) Fix authn delegation behavior (apereo#4644) working on mfa flow orchestration clean up tests clean up clean up passwordless webflow module support passwordless with ldap clean up tests
If we force the authn delegation process on an existing SSO session, the current behavior is inappropriate: the credentials should not be put in the webflow for an existing session as they trigger a login process, erasing the previous authenticated user.
I also changed the visibility of two methods from `private` to `protected` for customisation purposes.