Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0038566
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2018-05-16 17:312018-05-25 14:08
ReportergorkaionView Statuspublic 
Assigned Tocaristu 
PriorityimmediateResolutionfixedFixed in Version3.0PR18Q3
StatusclosedFix in branchFixed in SCM revision1fe924480aa8
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression levelProduction - Confirmed Stable
Regression date2017-05-30
Regression introduced in release3.0PR17Q3
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]
Triggers an Emergency PackNo
Summary

0038566: Autologon and AuthenticationManagers using SSO not working

DescriptionIf you configure an application to use the Autologon Authentication Manager the application is always redirected to the Login page.

The issue is in the index.jsp file.

It is retrieving the AD_SESSION_ID parameter and, if it is not set, it redirects to the login page.

That value is set by the Autologon and other SSO AM later when the authenticate method is executed. So these AM are always redirected to the login page.
Steps To ReproduceConfigure the Openbravo.properties to use Autologon AM:

authentication.class=org.openbravo.authentication.basic.AutologonAuthenticationManager
authentication.autologon.username=Openbravo

compile and try to access the application
Proposed SolutionProposed solution is to create a new method in the AuthenticationManager to determine if the AM is using a SSO login or not. In case of using SSO it should not redirect to the login as the session will be created in the authenticate method.

If finally an authentication is needed the authenticate method should redirect to the login page.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
depends on backport 00386173.0PR18Q2.1 closedcaristu Autologon and AuthenticationManagers using SSO not working 
depends on backport 00386183.0PR18Q1.4 closedcaristu Autologon and AuthenticationManagers using SSO not working 
caused by defect 0030031 closedalostale row created in ad_session for same cookie after every erp logout 
related to design defect 0038580 newplatform Remove AutologonAuthenticationManager 

-  Notes
(0104677)
hgbot (developer)
2018-05-24 17:49

Repository: erp/devel/pi
Changeset: 1fe924480aa8f9bf2bf332886c0b6be4446ef528
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 17:36:11 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/1fe924480aa8f9bf2bf332886c0b6be4446ef528 [^]

fixes issue 38566: Allow to skip the login page redirection done in index.jsp

  After the fix for issue 0030031, it was not possible to login in Openbravo by using the authentication retrieved with an external login page. This is because in the index.jsp we first check if the DB session has been created and if not, a redirect to the login page is done.

  This was breaking the flow where the authentication is performed externally and then a redirection with the result is done to directly access Openbravo, because in that case the DB session does not exists yet causing the redirection to the login page instead of granting the access into the application.

  To fix this problem a new method called useExternalLoginPage() has been added to the AuthenticationManager class. It should be overridden by the subclasses that want to avoid the redirection if the DB session is not still present when trying to access into the application.

---
M src/index.jsp
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/AutologonAuthenticationManager.java
---
(0104678)
hgbot (developer)
2018-05-24 17:55

Repository: erp/devel/pi
Changeset: 09fceaed318cd50cc5cbd13874dfb2d939209817
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 17:55:25 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/09fceaed318cd50cc5cbd13874dfb2d939209817 [^]

related to issue 38566: remove wrong javadoc text

---
M src/org/openbravo/authentication/AuthenticationManager.java
---
(0104679)
hgbot (developer)
2018-05-24 18:06

Repository: erp/devel/pi
Changeset: 790cab5288426edeb6728b07cc00ac8a38e44f08
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 24 18:06:07 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/790cab5288426edeb6728b07cc00ac8a38e44f08 [^]

related to issue 38566: fix javadoc + copyright year

---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/AutologonAuthenticationManager.java
---
(0104694)
alostale (developer)
2018-05-25 09:25

Reviewed + tested.

Added a note to documentation: http://wiki.openbravo.com/wiki/Authentication#Develop_your_own_Authentication_Manager [^]
(0104717)
hudsonbot (developer)
2018-05-25 14:08

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test
(0104718)
hudsonbot (developer)
2018-05-25 14:08

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test
(0104719)
hudsonbot (developer)
2018-05-25 14:08

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/608c319c941f [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2018-05-16 17:31 gorkaion New Issue
2018-05-16 17:31 gorkaion Assigned To => platform
2018-05-16 17:31 gorkaion Modules => Core
2018-05-16 17:31 gorkaion Regression level => Production - Confirmed Stable
2018-05-16 17:31 gorkaion Regression date => 2017-05-30
2018-05-16 17:31 gorkaion Regression introduced in release => 3.0PR17Q3
2018-05-16 17:31 gorkaion Regression introduced by commit => https://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c [^]
2018-05-16 17:31 gorkaion Triggers an Emergency Pack => No
2018-05-18 09:48 alostale Relationship added related to 0038580
2018-05-24 14:07 caristu Status new => scheduled
2018-05-24 14:07 caristu Assigned To platform => caristu
2018-05-24 17:49 hgbot Checkin
2018-05-24 17:49 hgbot Note Added: 0104677
2018-05-24 17:49 hgbot Status scheduled => resolved
2018-05-24 17:49 hgbot Resolution open => fixed
2018-05-24 17:49 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/1fe924480aa8f9bf2bf332886c0b6be4446ef528 [^]
2018-05-24 17:50 caristu Relationship added caused by 0030031
2018-05-24 17:55 hgbot Checkin
2018-05-24 17:55 hgbot Note Added: 0104678
2018-05-24 18:06 hgbot Checkin
2018-05-24 18:06 hgbot Note Added: 0104679
2018-05-25 09:25 alostale Review Assigned To => alostale
2018-05-25 09:25 alostale Note Added: 0104694
2018-05-25 09:25 alostale Status resolved => closed
2018-05-25 09:25 alostale Fixed in Version => 3.0PR18Q3
2018-05-25 14:08 hudsonbot Checkin
2018-05-25 14:08 hudsonbot Note Added: 0104717
2018-05-25 14:08 hudsonbot Checkin
2018-05-25 14:08 hudsonbot Note Added: 0104718
2018-05-25 14:08 hudsonbot Checkin
2018-05-25 14:08 hudsonbot Note Added: 0104719


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker