Project

General

Profile

Actions

Bug #18948

closed

User logged in via SSO is redirected to login form after session expiration instead of auto re-login

Added by Marek Hulán about 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The problem is that the session is cleared and does not preserve the information it should, such as sso_method, organization and location context. The cause is that we call session.merge! which does not work as expected. We need to use update instead which is called on the delegated session hash. We have a test for this method but unfortunately it passes since rails tests are using different implementation for sessions ActionController::TestSession while in runtime, ActionDispatch::Request::Session is used. I'm not sure how to test that properly.

Actions #1

Updated by Marek Hulán about 7 years ago

Steps to reproduce

1) use SSO for logging in
2) let the session expire (you might need to disable notifications polling
3) reload the page

Actual results

you're redirected to login page with information about session expiration

Expected results

if SSO is still available (e.g. REMOTE_USER is set), user should be logged in immediately

Actions #2

Updated by The Foreman Bot about 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4384 added
Actions #3

Updated by Anonymous about 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #4

Updated by Dominic Cleal about 7 years ago

  • translation missing: en.field_release set to 227
Actions

Also available in: Atom PDF