Bug #18948

User logged in via SSO is redirected to login form after session expiration instead of auto re-login

Added by Marek Hulán about 2 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Category: Authentication

Description

The problem is that the session is cleared and does not preserve the information it should, such as sso_method, organization and location context. The cause is that we call session.merge!, which does not work as expected. We need to use update instead, which is called on the delegated session hash. We have a test for this method, but unfortunately it passes because Rails tests use a different session implementation, ActionController::TestSession, while at runtime ActionDispatch::Request::Session is used. I'm not sure how to test that properly.
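Added example, not Foreman or Rails code: a check that runs the same "preserve context across session reset" routine against a test-shaped and a runtime-shaped session, showing how a test double can pass while the runtime shape loses sso_method. Both classes are constructed stand-ins; the way merge! fails here (keys stored without string normalization) and the key names organization_id and location_id are assumptions made for illustration.

```ruby
# Constructed stand-ins for illustration; neither class is Rails or Foreman code.
PRESERVED_KEYS = %w[sso_method organization_id location_id].freeze # key names assumed

# Shaped like a runtime session: a wrapper that reads and writes string keys
# on a delegate hash.
class RuntimeLikeSession
  def initialize; @delegate = {}; end
  def [](key); @delegate[key.to_s]; end
  def []=(key, value); @delegate[key.to_s] = value; end
  def to_hash; @delegate.dup; end
  def clear; @delegate.clear; end

  # Normalizes keys, then writes to the delegate hash.
  def update(hash); @delegate.update(hash.transform_keys(&:to_s)); end

  # Assumed failure mode: keys are stored as given, so symbol keys are
  # written but never found by the string-key reader above.
  def merge!(hash); @delegate.merge!(hash); end
end

# Shaped like a test double: a plain Hash that answers to symbol or string keys.
class TestLikeSession < Hash
  def [](key); fetch(key.to_s) { fetch(key.to_sym, nil) }; end
  def []=(key, value); super(key.to_s, value); end
end

# Keep only the allow-listed context across a session reset, then restore it
# with the given writer method (:merge! or :update).
def reset_preserving(session, writer)
  saved = session.to_hash.slice(*PRESERVED_KEYS).transform_keys(&:to_sym)
  session.clear # stands in for resetting the expired session
  session.public_send(writer, saved)
  session
end

# True when the allow-listed keys survive the reset and the user id does not.
def survives?(session_class, writer)
  sample = { user: 42, sso_method: "ExampleSSO", organization_id: 1, location_id: 2 }
  session = session_class.new
  sample.each { |k, v| session[k] = v } # constructed sample values
  reset_preserving(session, writer)
  session[:user].nil? && PRESERVED_KEYS.all? { |k| !session[k].nil? }
end

# Run the same check against both session shapes and both writers.
def contract_matrix
  [TestLikeSession, RuntimeLikeSession].product(%i[merge! update])
    .to_h { |klass, w| [[klass.name, w], survives?(klass, w)] }
end
```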

Associated revisions

Revision 70f7a9b9 (diff)
Added by Marek Hulán about 2 years ago

Fixes #18948 - correctly relogin user with SSO sessions

Revision 5992f9a2 (diff)
Added by Marek Hulán about 2 years ago

Fixes #18948 - correctly relogin user with SSO sessions

(cherry picked from commit 70f7a9b993e98a738e691db6a2deb6b87e9b482b)

History

#1 Updated by Marek Hulán about 2 years ago

Steps to reproduce

1) use SSO for logging in
2) let the session expire (you might need to disable notifications polling)
3) reload the page

Actual results

you're redirected to login page with information about session expiration

Expected results

if SSO is still available (e.g. REMOTE_USER is set), user should be logged in immediately

#2 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4384 added

#3 Updated by Anonymous about 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal about 2 years ago

  • Legacy Backlogs Release (now unused) set to 227
