0038618: Autologon and AuthenticationManagers using SSO not working

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0038618

Openbravo ERP

A. Platform

public

2018-05-16 17:31

2018-05-25 09:26

Reporter

gorkaion

Assigned To

caristu

Priority

immediate

Severity

major

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

Target Version

3.0PR18Q1.4

Fixed in Version

3.0PR18Q1.4

Merge Request Status

Review Assigned To

alostale

OBNetwork customer

Web browser

Modules

Core

Support ticket

Regression level

Production - Confirmed Stable

Regression date

2017-05-30

Regression introduced in release

3.0PR17Q3

Regression introduced by commit

https://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]

Triggers an Emergency Pack

Summary

0038618: Autologon and AuthenticationManagers using SSO not working

Description

If you configure an application to use the Autologon Authentication Manager the application is always redirected to the Login page.

The issue is in the index.jsp file.

It is retrieving the AD_SESSION_ID parameter and, if it is not set, it redirects to the login page.

That value is set by the Autologon and other SSO AM later when the authenticate method is executed. So these AM are always redirected to the login page.

Steps To Reproduce

Configure the Openbravo.properties to use Autologon AM:

authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager
authentication.autologon.username=Openbravo

compile and try to access the application

Proposed Solution

Proposed solution is to create a new method in the AuthenticationManager to determine if the AM is using a SSO login or not. In case of using SSO it should not redirect to the login as the session will be created in the authenticate method.

If finally an authentication is needed the authenticate method should redirect to the login page.

Additional Information