Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0038617Openbravo ERPA. Platformpublic2018-05-16 17:312018-05-25 09:26
gorkaion 
caristu 
immediatemajoralways
closedfixed 
5
 
3.0PR18Q2.13.0PR18Q2.1 
alostale
Core
Production - Confirmed Stable
2017-05-30
3.0PR17Q3
https://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]
No
0038617: Autologon and AuthenticationManagers using SSO not working
If you configure an application to use the Autologon Authentication Manager the application is always redirected to the Login page.

The issue is in the index.jsp file.

It is retrieving the AD_SESSION_ID parameter and, if it is not set, it redirects to the login page.

That value is set by the Autologon and other SSO AM later when the authenticate method is executed. So these AM are always redirected to the login page.
Configure the Openbravo.properties to use Autologon AM:

authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager
authentication.autologon.username=Openbravo

compile and try to access the application
Proposed solution is to create a new method in the AuthenticationManager to determine if the AM is using a SSO login or not. In case of using SSO it should not redirect to the login as the session will be created in the authenticate method.

If finally an authentication is needed the authenticate method should redirect to the login page.
No tags attached.
blocks defect 0038566 closed caristu Autologon and AuthenticationManagers using SSO not working 
Issue History
2018-05-24 14:07caristuTypedefect => backport
2018-05-24 14:07caristuTarget Version => 3.0PR18Q2.1
2018-05-24 19:09hgbotCheckin
2018-05-24 19:09hgbotNote Added: 0104681
2018-05-24 19:09hgbotStatusscheduled => resolved
2018-05-24 19:09hgbotResolutionopen => fixed
2018-05-24 19:09hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q2.1/rev/d13caf113d0e033402060230407b5b9347d590ce [^]
2018-05-24 19:09caristuAssigned Toplatform => caristu
2018-05-25 09:26alostaleReview Assigned To => alostale
2018-05-25 09:26alostaleNote Added: 0104695
2018-05-25 09:26alostaleStatusresolved => closed
2018-05-25 09:26alostaleFixed in Version => 3.0PR18Q2.1

Notes
(0104681)
hgbot   
2018-05-24 19:09   
Repository: erp/backports/3.0PR18Q2.1
Changeset: d13caf113d0e033402060230407b5b9347d590ce
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 18:01:58 2018 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR18Q2.1/rev/d13caf113d0e033402060230407b5b9347d590ce [^]

fixes issue 38617: Allow to skip the login page redirection done in index.jsp

After the fix for issue 0030031, it was not possible to login in Openbravo by using the authentication retrieved with an external login page. This is because in the index.jsp we first check if the DB session has been created and if not, a redirect to the login page is done.

This was breaking the flow where the authentication is performed externally and then a redirection with the result is done to directly access Openbravo, because in that case the DB session does not exists yet causing the redirection to the login page instead of granting the access into the application.

To fix this problem a new method called useExternalLoginPage() has been added to the AuthenticationManager class. It should be overridden by the subclasses that want to avoid the redirection if the DB session is not still present when trying to access into the application.

---
M src/index.jsp
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/AutologonAuthenticationManager.java
---
(0104695)
alostale   
2018-05-25 09:26   
tested + reviewed