Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-14365

Programmatic web authentication (HttpServletRequest.login()) does not trigger sso

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 23.0.0.Final
    • None
    • None
    • None
    • Hide

      Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted

      Login with web form - successfully creates JSESSIONIDSSO

      Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created

      Programmatic login does not create JSESSIONIDSSO:

      HTTP/1.1 302 Found
Connection: keep-alive
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:29:23 GMT

      While posting to j_security_check successfully creates JSESSIONIDSSO:

      HTTP/1.1 302 Found
Expires: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
Pragma: no-cache
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:25:10 GMT
      Show
      Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted Login with web form - successfully creates JSESSIONIDSSO Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created Programmatic login does not create JSESSIONIDSSO: HTTP/1.1 302 Found Connection: keep-alive Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:29:23 GMT While posting to j_security_check successfully creates JSESSIONIDSSO: HTTP/1.1 302 Found Expires: 0 Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost Pragma: no-cache Location: http: //localhost:8080/login-test/restricted Content-Length: 0 Date: Wed, 02 Dec 2020 16:25:10 GMT

      Programmatic web authentication (HttpServletRequest.login()) does not trigger sso (JSESSIONIDSSO does not get created) when using elytron/undertow.

      This worked fine in EAP 6 (eap 5 too but it was a bit different as
      HttpServletRequest.login() wasn't available at that time).

              darran.lofthouse@redhat.com Darran Lofthouse
              rhn-support-ivassile Ilia Vassilev
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: