Hi All,

Recently, when I was configuring APIM with SSO, I found some things.

1. If we try to access the publisher, it will redirect to the SSO login page, log us in, and then redirect to the jaggery_acs. There, if we don't have permission to access, rather than throwing a 401 or something, it redirects us to the publisher's login page. Not the SSO login page at least.
2. If we try to log in to the store, it will redirect to the SSO login page, log us in, and then redirect to the jaggery_acs. There, if we don't have permission, it logs us out and then redirects to the SSO login page.

First, this is inconsistent to me. Second, this is wrong to me, because as a logged-in user in a *stratos or any other similar system* I don't want to see the login page of the publisher or I don't want to get logged out because I don't have permission to access the particular resource. IMO it should be a 401 Unauthorized.

WDYT?

Thanks & Regards
Danushka Fernando
Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729
