[JBoss JIRA] Created: (SEAMSECURITY-56) OpenID RP login doesn't reset authentication state on failure
12:59 a.m.
OpenID RP login doesn't reset authentication state on failure
-------------------------------------------------------------
Key: SEAMSECURITY-56
URL: https://issues.jboss.org/browse/SEAMSECURITY-56
Project: Seam Security
Issue Type: Bug
Reporter: Patrick McFarland
Currently, the OpenID RP example doesn't reset the authentication state on failure to
authenticate.
Go to the login form, select MyOpenID, hit login, hit cancel while on the MyOpenID site,
you will be redirected to the AuthenticationFailed.xhtml; from there, go back to the login
form and try logging in.
This will produce an exception that is logged only (you are redirected back to the login
form, which now works): ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
java.lang.IllegalStateException: Authentication already in progress.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:26 p.m.
New subject: [JBoss JIRA] Commented: (SEAMSECURITY-56) OpenID RP login doesn't reset authentication state on failure
[
https://issues.jboss.org/browse/SEAMSECURITY-56?page=com.atlassian.jira.p...
]
Patrick McFarland commented on SEAMSECURITY-56:
-----------------------------------------------
There actually seems to be a fix for this. deferredAuthentication.fire(new
DeferredAuthenticationEvent()); should be executed on both loginSucceeded and loginFailed
inside OpenIdRelyingPartySpiImpl.
OpenID RP login doesn't reset authentication state on failure
-------------------------------------------------------------
Key: SEAMSECURITY-56
URL: https://issues.jboss.org/browse/SEAMSECURITY-56
Project: Seam Security
Issue Type: Bug
Reporter: Patrick McFarland
Currently, the OpenID RP example doesn't reset the authentication state on failure to
authenticate.
Go to the login form, select MyOpenID, hit login, hit cancel while on the MyOpenID site,
you will be redirected to the AuthenticationFailed.xhtml; from there, go back to the login
form and try logging in.
This will produce an exception that is logged only (you are redirected back to the login
form, which now works): ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
java.lang.IllegalStateException: Authentication already in progress.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:45 a.m.
New subject: [JBoss JIRA] Assigned: (SEAMSECURITY-56) OpenID RP login doesn't reset authentication state on failure
[
https://issues.jboss.org/browse/SEAMSECURITY-56?page=com.atlassian.jira.p...
]
Shane Bryzak reassigned SEAMSECURITY-56:
----------------------------------------
Assignee: Shane Bryzak
OpenID RP login doesn't reset authentication state on failure
-------------------------------------------------------------
Key: SEAMSECURITY-56
URL: https://issues.jboss.org/browse/SEAMSECURITY-56
Project: Seam Security
Issue Type: Bug
Reporter: Patrick McFarland
Assignee: Shane Bryzak
Currently, the OpenID RP example doesn't reset the authentication state on failure to
authenticate.
Go to the login form, select MyOpenID, hit login, hit cancel while on the MyOpenID site,
you will be redirected to the AuthenticationFailed.xhtml; from there, go back to the login
form and try logging in.
This will produce an exception that is logged only (you are redirected back to the login
form, which now works): ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
java.lang.IllegalStateException: Authentication already in progress.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
4976
days inactive
5009
days old
2 comments
2 participants
participants (2)
-
Patrick McFarland (JIRA) -
Shane Bryzak (JIRA)