request #18410 Open ID Connect Client+ Unique + Anonymous homepage + News => impossible to login

Artifact

Infos

Artifact ID#18410

Submitted byManuel Vacelet (vaceletm)

Last Modified On2020-12-04 17:42

Submitted on2020-12-04 15:35

Rank19957

Details

Summary *

Open ID Connect Client+ Unique + Anonymous homepage + News => impossible to login

Original Submission

When the 4 conditions are met:

Homepage generate a login URL with a state stored in session
The news is displayed with an avatar that goes in error, this error is an HTML page with a login url that override the state generated at #1
When the user attempt to login, the OIDC server returns to tuleap with the state generated at #1 but as this state is gone because of #2 => "Invalid request"

CategoryAuthentication & LDAP

Reported in version12.0

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listGeoffroy Grelot (ggrelot)

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2020-12-04

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #16653	Tuleap	Releases	12.3	Delivered	2020-12-10 09:59	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #18410

Artifact Tracker v5

request #18411 Error on avatar should not output an HTML page

Git commit

tuleap/tuleap/stable

Generate the "OIDC authentication state" only when the user explicitely asks to be authenticated 2979c50563

Thomas Gerbet (tgerbet) , 2020-12-04 16:42

Show items referenced by request #18410

Referenced by request #18410

Artifact Tracker v5

rel #16653 12.3

Other

Follow-ups

Manuel Vacelet (vaceletm)

2020-12-04 17:42

Integrated in Tuleap 12.2.99.169

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #16653
Close date set to 2020-12-04

Thomas Gerbet (tgerbet)

2020-12-04 16:08

Patch under review: gerrit #20987.

Status changed from Under implementation to Under review

Thomas Gerbet (tgerbet)

2020-12-04 15:39

Assigned to changed from None to Thomas Gerbet (tgerbet)