[ https://issues.apache.org/jira/browse/FEDIZ-137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated FEDIZ-137: -------------------------------------- Fix Version/s: (was: 1.3.2) 1.4.0 > IDP Login Cancel does not work > ------------------------------ > > Key: FEDIZ-137 > URL: https://issues.apache.org/jira/browse/FEDIZ-137 > Project: CXF-Fediz > Issue Type: Bug > Components: IDP > Reporter: Sergey Beryozkin > Fix For: 1.4.0 > > > 'Cancel' does not seem to work. > When a user goes to a realm selection page: and presses 'Cancel' there, the > form does not react, though something changes in the server output, and then > the 2nd Cancel results in a user being asked to enter the name and password. > If the user selects a realm, and when asked to to enter the name and > password: > - if Cancel is pressed immediately in the name/password dialog then the user > sees 401 reported by Tomcat itself, with the browser staying at > "https://localhost:8443/fediz-idp/federation/up" > - If a user enters a wrong name/password first and then on a second try > presses Cancel - 401 is returned by this time from Spring Security: > "HTTP Status 401 - No AuthenticationProvider found for > org.springframework.security.authentication.UsernamePasswordAuthenticationToken" > > In all the cases the user is 'locked' on the IDP endpoint with no way to > return. > The user should be optionally redirected back to the RP which is where the > interaction with the user can be controlled better if needed in cases of > Cancel given that Cancel is a message from the user that the user wishes to > leave the login process hence 401 is not appropriate. -- This message was sent by Atlassian JIRA (v6.3.15#6346)