[JBoss JIRA] (RTGOV-545) Console did not prompt user for password
by Gary Brown (JIRA)
Gary Brown created RTGOV-545:
--------------------------------
Summary: Console did not prompt user for password
Key: RTGOV-545
URL: https://issues.jboss.org/browse/RTGOV-545
Project: RTGov (Run Time Governance)
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Gary Brown
Assignee: Eric Wittmann
Fix For: 2.0.0.Final
When testing new EAP 6.3 with rtgov installed, went to rtgov-ui URL in chrome and it logged straight in without prompting for user to enter their password.
In this case, it showed the full UI and was able to navigate to the services page and see a quickstart (switchyard) service that had been installed. But on other occasions I have just see the overlord header.
When doing a browser refresh it then goes to the overlord login page.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
10 years, 5 months
[JBoss JIRA] (SRAMP-440) Add a final redirect filter to overlord SPs
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/SRAMP-440?page=com.atlassian.jira.plugin.... ]
Brett Meyer closed SRAMP-440.
-----------------------------
Resolution: Done
> Add a final redirect filter to overlord SPs
> -------------------------------------------
>
> Key: SRAMP-440
> URL: https://issues.jboss.org/browse/SRAMP-440
> Project: S-RAMP
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: UI
> Reporter: Eric Wittmann
> Assignee: Brett Meyer
> Fix For: 0.5.0.Beta1
>
>
> The IDP (when running in tomcat, jetty, fuse) causes the browser to do a POST of the SAML assertion to the SP (e.g. s-ramp-ui). This POST is consumed by the SPFilter and the assertion is consumed. At this point the user is authenticated and the UI is loaded.
> However, if the user then tries to refresh the page, the browser will likely ask if the user wishes to Resend data.
> To avoid this problem we should have a filter that does a final redirect (only after a POST to the SPFilter) so that the browser finishes up with a GET request to the UI rather than a POST.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
10 years, 5 months
[JBoss JIRA] (SRAMP-440) Add a final redirect filter to overlord SPs
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/SRAMP-440?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated SRAMP-440:
------------------------------
Fix Version/s: (was: 0.5.0)
> Add a final redirect filter to overlord SPs
> -------------------------------------------
>
> Key: SRAMP-440
> URL: https://issues.jboss.org/browse/SRAMP-440
> Project: S-RAMP
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: UI
> Reporter: Eric Wittmann
> Assignee: Brett Meyer
>
> The IDP (when running in tomcat, jetty, fuse) causes the browser to do a POST of the SAML assertion to the SP (e.g. s-ramp-ui). This POST is consumed by the SPFilter and the assertion is consumed. At this point the user is authenticated and the UI is loaded.
> However, if the user then tries to refresh the page, the browser will likely ask if the user wishes to Resend data.
> To avoid this problem we should have a filter that does a final redirect (only after a POST to the SPFilter) so that the browser finishes up with a GET request to the UI rather than a POST.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
10 years, 5 months
[JBoss JIRA] (SRAMP-440) Add a final redirect filter to overlord SPs
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/SRAMP-440?page=com.atlassian.jira.plugin.... ]
Brett Meyer updated SRAMP-440:
------------------------------
Fix Version/s: 0.5.0.Beta1
> Add a final redirect filter to overlord SPs
> -------------------------------------------
>
> Key: SRAMP-440
> URL: https://issues.jboss.org/browse/SRAMP-440
> Project: S-RAMP
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: UI
> Reporter: Eric Wittmann
> Assignee: Brett Meyer
> Fix For: 0.5.0.Beta1
>
>
> The IDP (when running in tomcat, jetty, fuse) causes the browser to do a POST of the SAML assertion to the SP (e.g. s-ramp-ui). This POST is consumed by the SPFilter and the assertion is consumed. At this point the user is authenticated and the UI is loaded.
> However, if the user then tries to refresh the page, the browser will likely ask if the user wishes to Resend data.
> To avoid this problem we should have a filter that does a final redirect (only after a POST to the SPFilter) so that the browser finishes up with a GET request to the UI rather than a POST.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
10 years, 5 months