If both the 'krb' and 'form' login plugins are enabled with 'krb' at the top of the stack, form-based login will not redirect to the SP after login. The login itself is successful, but the browser remains at Ipsilon's "Welcome!" page. At this point, you can navigate back to the SP manually, and the redirect will occur properly using the existing session.
If the 'krb' login plugin is disabled, the redirect to the SP works properly.
Fields changed
milestone: => 1.0 m3 owner: => puiterwijk status: new => assigned
This happened because LoginManager auth_failure did not pass the transaction ID to the redirect to the next authentication module.
status: assigned => accepted
A patch is available in my repo, krb-ses branch.
owner: puiterwijk => simo
I think I found a better way to handle this issue. See https://fedorapeople.org/cgit/simo/public_git/ipsilon.git/log/?h=ticket-74
Fixed in: e0aa4f2
resolution: => fixed status: accepted => closed
There is still one case where a failed negotiate causes the transaction to be lost
resolution: fixed => status: closed => reopened
Fixed in: 078942b
resolution: => fixed status: reopened => closed
rhbz: => 0
Metadata Update from @nkinder: - Issue assigned to simo - Issue set to the milestone: 1.0 m3
Log in to comment on this ticket.