Colm O hEigeartaigh updated FEDIZ-137:
    Fix Version/s:     (was: 1.4.1)

> IDP Login Cancel does not work
> ------------------------------
>                 Key: FEDIZ-137
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-137
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>            Reporter: Sergey Beryozkin
>             Fix For: 1.4.2
> 'Cancel' does not seem to work. 
> When a user goes to a realm selection page and presses 'Cancel' there, the 
> form does not react, though something changes in the server output, and then 
> the 2nd Cancel results in a user being asked to enter the name and password. 
> If the user selects a realm, and when asked to enter the name and 
> password:
> - if Cancel is pressed immediately in the name/password dialog then the user 
> sees 401 reported by Tomcat itself, with the browser staying at 
> "https://localhost:8443/fediz-idp/federation/up";
> - If a user enters a wrong name/password first and then on a second try 
> presses Cancel - 401 is returned by this time from Spring Security:
> "HTTP Status 401 - No AuthenticationProvider found for 
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken"
> In all the cases the user is 'locked' on the IDP endpoint with no way to 
> return. 
> The user should be optionally redirected back to the RP, which is where the 
> interaction with the user can be controlled better if needed in cases of 
> Cancel, given that Cancel is a message from the user that the user wishes to 
> leave the login process; hence 401 is not appropriate. 
