[ https://issues.apache.org/jira/browse/FEDIZ-137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated FEDIZ-137:
--------------------------------------
Fix Version/s: 1.3.2 (was: 1.3.1)
> IDP Login Cancel does not work
> ------------------------------
>
> Key: FEDIZ-137
> URL: https://issues.apache.org/jira/browse/FEDIZ-137
> Project: CXF-Fediz
> Issue Type: Bug
> Components: IDP
> Reporter: Sergey Beryozkin
> Fix For: 1.3.2
>
>
> 'Cancel' does not seem to work.
> When a user goes to a realm selection page: and presses 'Cancel' there, the
> form does not react, though something changes in the server output, and then
> the 2nd Cancel results in a user being asked to enter the name and password.
> If the user selects a realm, and when asked to enter the name and
> password:
> - if Cancel is pressed immediately in the name/password dialog then the user
> sees 401 reported by Tomcat itself, with the browser staying at
> "https://localhost:8443/fediz-idp/federation/up"
> - If a user enters a wrong name/password first and then on a second try
> presses Cancel - 401 is returned by this time from Spring Security:
> "HTTP Status 401 - No AuthenticationProvider found for
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken"
>
> In all the cases the user is 'locked' on the IDP endpoint with no way to
> return.
> The user should be optionally redirected back to the RP which is where the
> interaction with the user can be controlled better if needed in cases of
> Cancel given that Cancel is a message from the user that the user wishes to
> leave the login process hence 401 is not appropriate.