[overlord-issues] [JBoss JIRA] (SRAMP-440) Add a final redirect filter to overlord SPs

Eric Wittmann (JIRA) issues at jboss.org
Wed May 21 09:50:57 EDT 2014


Eric Wittmann created SRAMP-440:
-----------------------------------

             Summary: Add a final redirect filter to overlord SPs
                 Key: SRAMP-440
                 URL: https://issues.jboss.org/browse/SRAMP-440
             Project: S-RAMP
          Issue Type: Enhancement
      Security Level: Public (Everyone can see)
          Components: UI
            Reporter: Eric Wittmann
            Assignee: Brett Meyer
             Fix For: 0.5.0.Final


The IDP (when running in Tomcat, Jetty, Fuse) causes the browser to do a POST of the SAML assertion to the SP (e.g. s-ramp-ui). This POST is consumed by the SPFilter and the assertion is consumed. At this point the user is authenticated and the UI is loaded.

However, if the user then tries to refresh the page, the browser will likely ask if the user wishes to Resend data.

To avoid this problem we should have a filter that does a final redirect (only after a POST to the SPFilter) so that the browser finishes up with a GET request to the UI rather than a POST.



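The final redirect described in the issue, sketched as a servlet filter. This is an added example, not part of the original message and not the Overlord project's code. The class name `PostLoginRedirectFilter` is hypothetical, and the code assumes the filter is mapped after the SP filter and that the SP filter exposes the authenticated user through `getUserPrincipal()`.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter; map it after the SP filter in web.xml. */
public class PostLoginRedirectFilter implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Redirect only the assertion POST (SAML HTTP POST binding parameter);
        // ordinary application POSTs such as form or RPC calls pass through.
        boolean assertionPost = "POST".equalsIgnoreCase(request.getMethod())
                && request.getParameter("SAMLResponse") != null;

        // Assumption: the SP filter already validated the assertion and
        // set the user principal on this request.
        if (assertionPost && request.getUserPrincipal() != null) {
            // Build the target from this request's own path, never from a
            // request parameter, and collapse leading slashes/backslashes so
            // the Location cannot be read as a scheme-relative URL.
            String target = request.getRequestURI().replaceFirst("^[/\\\\]+", "/");
            // 303 See Other makes the browser follow up with a GET.
            response.setStatus(HttpServletResponse.SC_SEE_OTHER);
            response.setHeader("Location", target);
            response.setHeader("Cache-Control", "no-store");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    }
}
```

After the redirect the browser's current page is the result of a GET, so a refresh no longer prompts to resend the assertion.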