Thanks. We will redirect successful logins with insufficient permissions to a different page with error code 401 Unauthorized. But it cannot be the same page due to two audience categories.
On Thu, Mar 6, 2014 at 9:55 AM, Danushka Fernando <[email protected]> wrote:

> Hi All
>
> Recently, when I was configuring APIM with SSO, I found some things.
>
> 1. If we try to access publisher it will redirect to SSO login page
> and log us in and then redirect to the jaggery_acs. There if we don't have
> permission to access rather than throwing a 401 or something it redirects
> us to the publisher's login page. Not the SSO login page at least.
> 2. If we try to login to store it will redirect to SSO login page and
> log us in and then redirect to the jaggery_acs. There if we don't have
> permission it logs us out and then redirects to the SSO login page.
>
> First this is inconsistent to me. Second this is wrong to me, because as a
> logged in user in a *stratos or any other similar system* I don't want to
> see the login page of the publisher or I don't want to get logged out
> because I don't have permission to access the particular resource. IMO it
> should be a 401 Unauthorized.
> WDYT?
>
> Thanks & Regards
> Danushka Fernando
> Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729

--
/sumedha
m: +94 773017743
b : bit.ly/sumedha
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
