Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20627

[GSS] (7.4.0) ELY-1626 - Programmatic web authentication (HttpServletRequest.login()) does not trigger sso

XMLWordPrintable

    • Regression
    • +
    • Hide

      Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted

      Login with web form - successfully creates JSESSIONIDSSO

      Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created

      Programmatic login does not create JSESSIONIDSSO:

      HTTP/1.1 302 Found
      Connection: keep-alive
      Location: http://localhost:8080/login-test/restricted
      Content-Length: 0
      Date: Wed, 02 Dec 2020 16:29:23 GMT 
      

      While posting to j_security_check successfully creates JSESSIONIDSSO:

      HTTP/1.1 302 Found
      Expires: 0
      Connection: keep-alive
      Cache-Control: no-cache, no-store, must-revalidate
      Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
      Pragma: no-cache
      Location: http://localhost:8080/login-test/restricted
      Content-Length: 0
      Date: Wed, 02 Dec 2020 16:25:10 GMT
      
      Show
      Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted Login with web form - successfully creates JSESSIONIDSSO Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created Programmatic login does not create JSESSIONIDSSO: HTTP/1.1 302 Found Connection: keep-alive Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:29:23 GMT While posting to j_security_check successfully creates JSESSIONIDSSO: HTTP/1.1 302 Found Expires: 0 Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost Pragma: no-cache Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:25:10 GMT

      Programmatic web authentication (HttpServletRequest.login()) does not trigger sso (JSESSIONIDSSO does not get created) when using elytron/undertow.

      This worked fine in EAP 6 (eap 5 too but it was a bit different as
      HttpServletRequest.login() wasn't available at that time).

        1. standalone-full-ha.xml
          42 kB
        2. login-test.war.zip
          10 kB
        3. login-test_(3).zip
          16 kB

              jboss-set_jira JBoss SET
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: