  1. WildFly
  2. WFLY-14365

Programmatic web authentication (HttpServletRequest.login()) does not trigger SSO


Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Done
    • None
    • 23.0.0.Final
    • None
    • None

      Start JBoss EAP with the attached configuration file standalone-full-ha.xml and deploy login-test.war. Open browser with Development console. Access http://localhost:8080/login-test/restricted

      Login with web form - successfully creates JSESSIONIDSSO

      Click on "Submit" button under "Click to programmatically login with request.login()" to trigger programmatic login - no JSESSIONIDSSO is created

      Programmatic login does not create JSESSIONIDSSO:

      HTTP/1.1 302 Found
      Connection: keep-alive
      Location: http://localhost:8080/login-test/restricted
      Content-Length: 0
      Date: Wed, 02 Dec 2020 16:29:23 GMT 
      

      While posting to j_security_check successfully creates JSESSIONIDSSO:

      HTTP/1.1 302 Found
      Expires: 0
      Connection: keep-alive
      Cache-Control: no-cache, no-store, must-revalidate
      Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
      Pragma: no-cache
      Location: http://localhost:8080/login-test/restricted
      Content-Length: 0
      Date: Wed, 02 Dec 2020 16:25:10 GMT
      

    Description

      Programmatic web authentication (HttpServletRequest.login()) does not trigger SSO (JSESSIONIDSSO does not get created) when using Elytron/Undertow.

      This worked fine in EAP 6 (EAP 5 too, but it was a bit different as HttpServletRequest.login() wasn't available at that time).
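
As an added example (not part of the original report or of the WildFly code base), this Python check parses the two responses captured in the reproduction steps and reports which login path returned no JSESSIONIDSSO cookie. The function names are illustrative assumptions; the response texts are the ones quoted in the report.

```python
from email import message_from_string
from http.cookies import SimpleCookie

SSO_COOKIE = "JSESSIONIDSSO"

# The two responses quoted in the report above, copied from the page.
PROGRAMMATIC_LOGIN = """\
HTTP/1.1 302 Found
Connection: keep-alive
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:29:23 GMT
"""
FORM_LOGIN = """\
HTTP/1.1 302 Found
Expires: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
Pragma: no-cache
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:25:10 GMT
"""


def sso_cookie(raw_response):
    """Return the JSESSIONIDSSO morsel set by a raw HTTP response, or None."""
    status_line, _, rest = raw_response.partition("\n")
    if not status_line.startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % status_line)
    headers = message_from_string(rest)
    # A response may carry several Set-Cookie headers; inspect each one.
    for value in headers.get_all("Set-Cookie", []):
        jar = SimpleCookie()
        jar.load(value)
        if SSO_COOKIE in jar:
            return jar[SSO_COOKIE]
    return None


def login_paths_missing_sso(responses):
    """Given {login path: raw response}, list the paths that set no SSO cookie."""
    return [name for name, raw in responses.items() if sso_cookie(raw) is None]


if __name__ == "__main__":
    captured = {"request.login()": PROGRAMMATIC_LOGIN, "j_security_check": FORM_LOGIN}
    print("login paths without", SSO_COOKIE, "->", login_paths_missing_sso(captured))
```
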

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              rhn-support-ivassile Ilia Vassilev