•  
      request #18410 Open ID Connect Client+ Unique + Anonymous homepage + News => impossible to login
    Infos
    #18410
    Manuel Vacelet (vaceletm)
    2020-12-04 17:42
    2020-12-04 15:35
    19952
    Details
    Open ID Connect Client+ Unique + Anonymous homepage + News => impossible to login

    When the 4 conditions are met:

    1. Homepage generate a login URL with a state stored in session
    2. The news is displayed with an avatar that goes in error, this error is an HTML page with a login url that override the state generated at #1
    3. When the user attempt to login, the OIDC server returns to tuleap with the state generated at #1 but as this state is gone because of #2 => "Invalid request"
    Authentication & LDAP
    12.0
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Geoffroy Grelot (ggrelot)
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-12-04
    Attachments
    Empty
    References
    Referencing request #18410
    Referenced by request #18410

    Artifact Tracker v5

    rel #16653 12.3

    Follow-ups

    User avatar

    Integrated in Tuleap 12.2.99.169


    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2020-12-04