Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.3.CR1, 7.4.3.GA
Affects Version/s: 7.3.3.GA
Component/s: Security
Labels:
- test_included

Affects Testing:

Regression
QE Test Coverage:
+
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/wildfly-security/elytron-web/pull/184, https://github.com/wildfly/wildfly/pull/13939, https://github.com/wildfly-security/wildfly-elytron/pull/1483
Steps to Reproduce:
Hide

Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted

Login with web form - successfully creates JSESSIONIDSSO

Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created

Programmatic login does not create JSESSIONIDSSO:

HTTP/1.1 302 Found Connection: keep-alive Location: http://localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:29:23 GMT

While posting to j_security_check successfully creates JSESSIONIDSSO:

HTTP/1.1 302 Found Expires: 0 Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost Pragma: no-cache Location: http://localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:25:10 GMT
Show
Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted Login with web form - successfully creates JSESSIONIDSSO Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created Programmatic login does not create JSESSIONIDSSO: HTTP/1.1 302 Found Connection: keep-alive Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:29:23 GMT While posting to j_security_check successfully creates JSESSIONIDSSO: HTTP/1.1 302 Found Expires: 0 Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost Pragma: no-cache Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:25:10 GMT

SFDC Cases Counter:
SFDC Cases Links:

Description

Programmatic web authentication (HttpServletRequest.login()) does not trigger sso (JSESSIONIDSSO does not get created) when using elytron/undertow.

This worked fine in EAP 6 (eap 5 too but it was a bit different as
HttpServletRequest.login() wasn't available at that time).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

login-test_(3).zip
16 kB
2020/12/02 3:55 PM
login-test.war.zip
10 kB
2020/12/02 3:37 PM
standalone-full-ha.xml
42 kB
2020/12/02 3:37 PM

Issue Links

clones

JBEAP-15205 [GSS] (7.1.z) Programmatic web authentication (HttpServletRequest.login()) does not trigger sso

Closed

is cloned by

ELY-1626 Programmatic web authentication (HttpServletRequest.login()) does not trigger sso

Resolved

is related to

JBEAP-15206 [GSS] (7.4.z) Clustered SSO does not work in simple test case

Closed

Activity

People

Assignee:: JBoss SET

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2020/12/02 3:31 PM

Updated:: 2023/01/03 5:47 AM

Resolved:: 2021/11/04 4:12 AM