Sergey Beryozkin created FEDIZ-137:
--------------------------------------

             Summary: IDP Login Cancel does not work
                 Key: FEDIZ-137
                 URL: https://issues.apache.org/jira/browse/FEDIZ-137
             Project: CXF-Fediz
          Issue Type: Bug
          Components: IDP
            Reporter: Sergey Beryozkin
             Fix For: 1.3.0


'Cancel' does not seem to work. 
When a user goes to a realm selection page and presses 'Cancel' there, the 
form does not react, though something changes in the server output, and then 
the 2nd Cancel results in a user being asked to enter the name and password. 

If the user selects a realm, and when asked to enter the name and password:
- if Cancel is pressed immediately in the name/password dialog then the user 
sees 401 reported by Tomcat itself, with the browser staying at 
"https://localhost:8443/fediz-idp/federation/up";

- If a user enters a wrong name/password first and then on a second try presses 
Cancel - 401 is returned by this time from Spring Security:
"HTTP Status 401 - No AuthenticationProvider found for 
org.springframework.security.authentication.UsernamePasswordAuthenticationToken"
 

In all the cases the user is 'locked' on the IDP endpoint with no way to 
return. 
The user should be optionally redirected back to the RP which is where the 
interaction with the user can be controlled better if needed in cases of Cancel 
given that Cancel is a message from the user that the user wishes to leave the 
login process hence 401 is not appropriate. 




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
