Darran Lofthouse created ELY-2074:
-------------------------------------
Summary: SSO from FORM authentication required a distributed session
Key: ELY-2074
URL:
https://issues.redhat.com/browse/ELY-2074
Project: WildFly Elytron
Issue Type: Bug
Components: HTTP
Affects Versions: 1.14.1.Final
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 1.14.2.CR1
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we
should have just used the session to replicate the identity. I suspect that when we
attempt to restore the identity we check if we have a session scope but as it does not
exist we skip attempting the restoration, we should be open to restoration being possible
without a session.
Overall however it feels like this approach will require some clean up which may be needed
for ELY-1626 - instead of the current approach which intercepts session access and
converts to SSO we may be better making SSO a real scope or something similar so
mechanisms can interact directly with it. The approach today where we wrap the scope
access and intercept the calls means mechanisms can easily make invalid assumptions about
scope availability such as in this case.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)