Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0038566Openbravo ERPA. Platformpublic2018-05-16 17:312018-05-25 14:08
Reportergorkaion 
Assigned Tocaristu 
PriorityimmediateSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR18Q3 
Merge Request Status
Review Assigned Toalostale
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression levelProduction - Confirmed Stable
Regression date2017-05-30
Regression introduced in release3.0PR17Q3
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]
Triggers an Emergency PackNo
Summary0038566: Autologon and AuthenticationManagers using SSO not working
DescriptionIf you configure an application to use the Autologon Authentication Manager the application is always redirected to the Login page.

The issue is in the index.jsp file.

It is retrieving the AD_SESSION_ID parameter and, if it is not set, it redirects to the login page.

That value is set by the Autologon and other SSO AM later when the authenticate method is executed. So these AM are always redirected to the login page.
Steps To ReproduceConfigure the Openbravo.properties to use Autologon AM:

authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager
authentication.autologon.username=Openbravo

compile and try to access the application
Proposed SolutionProposed solution is to create a new method in the AuthenticationManager to determine if the AM is using a SSO login or not. In case of using SSO it should not redirect to the login as the session will be created in the authenticate method.

If finally an authentication is needed the authenticate method should redirect to the login page.
Additional Information
TagsNo tags attached.
Relationships
depends on backport 00386173.0PR18Q2.1 closed caristu Autologon and AuthenticationManagers using SSO not working 
depends on backport 00386183.0PR18Q1.4 closed caristu Autologon and AuthenticationManagers using SSO not working 
caused by defect 0030031 closed alostale row created in ad_session for same cookie after every erp logout 
related to design defect 0038580 acknowledged Triage Platform Base Remove AutologonAuthenticationManager 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-05-16 17:31gorkaionNew Issue
2018-05-16 17:31gorkaionAssigned To => platform
2018-05-16 17:31gorkaionModules => Core
2018-05-16 17:31gorkaionResolution time => 1528236000
2018-05-16 17:31gorkaionRegression level => Production - Confirmed Stable
2018-05-16 17:31gorkaionRegression date => 2017-05-30
2018-05-16 17:31gorkaionRegression introduced in release => 3.0PR17Q3
2018-05-16 17:31gorkaionRegression introduced by commit => https://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]
2018-05-16 17:31gorkaionTriggers an Emergency Pack => No
2018-05-18 09:48alostaleRelationship addedrelated to 0038580
2018-05-24 14:07caristuStatusnew => scheduled
2018-05-24 14:07caristuAssigned Toplatform => caristu
2018-05-24 17:49hgbotCheckin
2018-05-24 17:49hgbotNote Added: 0104677
2018-05-24 17:49hgbotStatusscheduled => resolved
2018-05-24 17:49hgbotResolutionopen => fixed
2018-05-24 17:49hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/1fe924480aa8f9bf2bf332886c0b6be4446ef528 [^]
2018-05-24 17:50caristuRelationship addedcaused by 0030031
2018-05-24 17:55hgbotCheckin
2018-05-24 17:55hgbotNote Added: 0104678
2018-05-24 18:06hgbotCheckin
2018-05-24 18:06hgbotNote Added: 0104679
2018-05-25 09:25alostaleReview Assigned To => alostale
2018-05-25 09:25alostaleNote Added: 0104694
2018-05-25 09:25alostaleStatusresolved => closed
2018-05-25 09:25alostaleFixed in Version => 3.0PR18Q3
2018-05-25 14:08hudsonbotCheckin
2018-05-25 14:08hudsonbotNote Added: 0104717
2018-05-25 14:08hudsonbotCheckin
2018-05-25 14:08hudsonbotNote Added: 0104718
2018-05-25 14:08hudsonbotCheckin
2018-05-25 14:08hudsonbotNote Added: 0104719

Notes
(0104677)
hgbot   
2018-05-24 17:49   
Repository: erp/devel/pi
Changeset: 1fe924480aa8f9bf2bf332886c0b6be4446ef528
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 17:36:11 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/1fe924480aa8f9bf2bf332886c0b6be4446ef528 [^]

fixes issue 38566: Allow to skip the login page redirection done in index.jsp

  After the fix for issue 0030031, it was not possible to login in Openbravo by using the authentication retrieved with an external login page. This is because in the index.jsp we first check if the DB session has been created and if not, a redirect to the login page is done.

  This was breaking the flow where the authentication is performed externally and then a redirection with the result is done to directly access Openbravo, because in that case the DB session does not exists yet causing the redirection to the login page instead of granting the access into the application.

  To fix this problem a new method called useExternalLoginPage() has been added to the AuthenticationManager class. It should be overridden by the subclasses that want to avoid the redirection if the DB session is not still present when trying to access into the application.

---
M src/index.jsp
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/AutologonAuthenticationManager.java
---
(0104678)
hgbot   
2018-05-24 17:55   
Repository: erp/devel/pi
Changeset: 09fceaed318cd50cc5cbd13874dfb2d939209817
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 17:55:25 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/09fceaed318cd50cc5cbd13874dfb2d939209817 [^]

related to issue 38566: remove wrong javadoc text

---
M src/org/openbravo/authentication/AuthenticationManager.java
---
(0104679)
hgbot   
2018-05-24 18:06   
Repository: erp/devel/pi
Changeset: 790cab5288426edeb6728b07cc00ac8a38e44f08
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 18:06:07 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/790cab5288426edeb6728b07cc00ac8a38e44f08 [^]

related to issue 38566: fix javadoc + copyright year

---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/AutologonAuthenticationManager.java
---
(0104694)
alostale   
2018-05-25 09:25   
Reviewed + tested.

Added a note to documentation: http://wiki.openbravo.com/wiki/Authentication#Develop_your_own_Authentication_Manager [^]
(0104717)
hudsonbot   
2018-05-25 14:08   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test
(0104718)
hudsonbot   
2018-05-25 14:08   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test
(0104719)
hudsonbot   
2018-05-25 14:08   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test