ffba696 Force a logout in KerberosSession if a login is needed

1 file Authored by rcritten 5 months ago, Committed by frenaud 5 months ago,
    Force a logout in KerberosSession if a login is needed
    
    Remove the client side cookie if a user possesses an IPA session
    cookie and the associated credentials can't be found on the
    server.
    
    This handles the case where the ccaches are removed for some reason
    (maybe cleanup, maybe a container was restarted) and allows for
    a successful SSO if the user's Kerberos ticket is still valid.
    
    Without this change the user is always dropped into a the
    username/password dialog. The only workaround is to remove
    the cookie on the client side.
    
    Fixes: https://pagure.io/freeipa/issue/9624
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    
        
file modified
+5 -0