Hi,

Thanks Tharindu and Farasath for the clarifications.

On Sat, Jan 20, 2018 at 9:12 AM, Farasath Ahamed <[email protected]> wrote:

>
> On Friday, January 19, 2018, Sathya Bandara <[email protected]> wrote:
>
>> Hi all,
>>
>> When there is an already authenticated session for an application user
>> with Identity Server, there is no necessity to prompt for another login to
>> the IS if the user logs into the application from another tab in the same
>> browser.
>> However we can change the service provider's authentication scheme
>> (authentication steps and authenticators in each step) while the user has
>> this session.
>> In this case, if the user tries to log into the application he is not
>> prompted for re-authentication. This is the default behavior of IS.
>> Shouldn't we prompt the user to authenticate if the service provider's
>> authentication scheme is modified or is this an intended behavior?
>>
>> Appreciate your thoughts on this.
>>
>
> The reason for this behaviour is that we cache the service provider
> configuration in the user's session context (context created for successful
> authentication). This session context is stored against the cookie
> (commonauth) used to identify whether the user already has a session in IS.
>
> So whenever a user reauthenticates, the user's authenticated steps/IdPs are
> compared with the cached service provider configs.
>
> When you change the service provider configs it does not get reflected in
> the cached service provider configs in the user's authenticated session.
>
> With the current implementation this is the expected behaviour.
>
> But IMO we should improve this to always fetch the latest service provider
> configs and compare the user's authentication steps/IdPs against it. (i.e. we
> should avoid caching configurations)
>
> Shall we create a GitHub issue to track this improvement?
>

+1. Created a GitHub issue [1] to track this.

>
> Thanks,
>> Sathya
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc.
>> http://wso2.com
>> Mobile: (+94) 715 360 421
>>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
>

[1] https://github.com/wso2/product-is/issues/2137

--
Sathya Bandara
Software Engineer
WSO2 Inc.
http://wso2.com
Mobile: (+94) 715 360 421
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
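
The difference discussed in the thread, between checking an existing session against the service provider configuration cached at login and checking it against the latest configuration, shown as an added example. This is a minimal model and not WSO2 Identity Server code; every class, function and authenticator name in it is hypothetical.

```python
# Added illustration: a minimal model, not WSO2 Identity Server code.
# All names below are hypothetical; the sample data is constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SpConfig:
    version: int
    steps: tuple  # one frozenset of acceptable authenticators per step


@dataclass
class Session:
    cached_config: SpConfig                         # snapshot taken at login
    completed: dict = field(default_factory=dict)   # step index -> authenticator


class SpStore:
    """Holds the current service provider configuration."""
    def __init__(self, config):
        self._config = config

    def update(self, steps):
        self._config = SpConfig(self._config.version + 1, steps)

    def latest(self):
        return self._config


def satisfied(session, config):
    """True if every step in config was completed with an allowed authenticator."""
    return all(session.completed.get(i) in allowed
               for i, allowed in enumerate(config.steps))


def needs_reauth_cached(session, store):
    # Behaviour described in the thread: compare against the session snapshot.
    return not satisfied(session, session.cached_config)


def needs_reauth_fresh(session, store):
    # Proposed improvement: compare against the latest stored configuration.
    return not satisfied(session, store.latest())


def demo():
    store = SpStore(SpConfig(1, (frozenset({"basic"}),)))
    session = Session(store.latest(), {0: "basic"})
    before = (needs_reauth_cached(session, store), needs_reauth_fresh(session, store))
    # An administrator adds a second authentication step while the session is live.
    store.update((frozenset({"basic"}), frozenset({"totp"})))
    after = (needs_reauth_cached(session, store), needs_reauth_fresh(session, store))
    return before, after
```

`demo()` returns the (cached, fresh) decisions before and after the configuration change: only the fresh comparison asks for re-authentication once the second step is added.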
