Thats seems OK for me. +1. Thanks & Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729
On Wed, Mar 5, 2014 at 8:33 PM, Sumedha Rubasinghe <[email protected]> wrote: > Thanks. We will redirect successful logins with insufficient permissions > to a different page with error code 401 Unauthorized. > But it cannot be the same page due to two audience categories. > > > > On Thu, Mar 6, 2014 at 9:55 AM, Danushka Fernando <[email protected]>wrote: > >> Hi All >> >> Recently when I was configuring APIM with SSO and found some things. >> >> 1. If we try to access publisher it will redirect to SSO login page >> and log us in and then redirect to the jaggery_acs. There if we don't have >> permission to access rather than throwing a 401 or something it redirects >> us to the publisher's login page. Not the SSO login page at least. >> 2. If we try to login to store it will redirect to SSO login page and >> log us in and then redirect to the jaggery_acs. There if we don't have >> permission it log us out and then redirects to the SSO login page. >> >> First this is inconsistent to me. Second this is wrong to me, Because as >> a logged in user in a *stratos or any other simmilar system* I dont want >> to see the login page of the publisher or I don't want to get logged out >> because I don't have permission to access the particular resource. IMO it >> should be a 401 Unauthorized. >> WDYT? >> >> Thanks & Regards >> Danushka Fernando >> Software Engineer >> WSO2 inc. http://wso2.com/ >> Mobile : +94716332729 >> > > > > -- > /sumedha > m: +94 773017743 > b : bit.ly/sumedha >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
