Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO session refresh won't reset WWSympa's session #560

Closed
ikedas opened this issue Mar 4, 2019 · 0 comments
Closed

SSO session refresh won't reset WWSympa's session #560

ikedas opened this issue Mar 4, 2019 · 0 comments
Assignees
@ikedas
Labels
bug design
Milestone
6.2.42

Comments

@ikedas
Copy link
Member

ikedas commented Mar 4, 2019
edited
Loading

Version

Confirmed with:

  • IdP: OpenAM 13.0
  • SP: Shibboleth-SP (Shibboleth 3.0.3)
  • Sympa: 6.2.40

Installation method

RPM (Sympa-JA.org)

Expected behavior

If SSO session was refreshed, (for example, timeout occurred on the side of IdP, and then the user signed on again), session of Sympa would be reset.

Actual behavior

Following error is shown

ERROR (sso_login) You are already logged in as [email]

and Sympa session of previous user is kept.

Background

Current documentation describes a sort of "lazy session initiation", i.e. Sympa will trigger sign-on (See instruction in current documentation).

We want to implement "portal-style" "active" flow, i.e. when an unauthorized user tried to access any location under /sympa, they would be redirected to the login form served by IdP. For example ---

In httpd configuration:

...

<Location /sympa>                                                     ★Whole Sympa site protected
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require shib-session
</Location>

In shibboleth2.xml:

...

<SSO entityID="[entity ID of IdP]"
 target="https://[Sympa host]/sympa/sso_login/[Service name]/init">  ★Sign-on lets Sympa create session
  SAML2 SAML1
</SSO>
...

We don't need the button such as "SSO Login" on Sympa's user interface (we removed it by customizing web templates). Instead, we would like to reset Sympa's session as IdP needs.

Edit: Notes in config.
@ikedas ikedas mentioned this issue Mar 5, 2019
Merged
@ikedas ikedas changed the title SSO session refresh won't reset Sympa's session SSO session refresh won't reset WWSympa's session Mar 5, 2019
@ikedas ikedas self-assigned this Mar 5, 2019
ikedas added a commit that referenced this issue Mar 15, 2019
@ikedas
Merge pull request #561 from ikedas/issue-560 by ikedas
8af0881 
Reset WWSympa's session when SSO session refreshed (#560)
@ikedas ikedas closed this as completed Mar 15, 2019
@ikedas ikedas added this to the 6.2.42 milestone Mar 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ikedas ikedas

Labels
bug design
Projects
None yet
Milestone
6.2.42
Development

No branches or pull requests
1 participant
@ikedas