As seen in https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/R5YP7TIBCLQ3OOF3BFQPOPRYUGVZW4JL/
If you have a valid Kerberos SSO session to the UI and remove the cacches then subsequent Kerboros logins will fail and the user will be dumped to the username/password screen.
It'll dump you to the login screen
user should get a new session
A workaround is to remove the IPA server cookies in the browser. Then SSO will work again.
The fix will be to invalidate any ipa_session token. The question is do we always do this or only in certain cases when calling need_login()?
Metadata Update from @rcritten: - Issue assigned to rcritten
master:
ipa-4-12:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7434
Log in to comment on this ticket.