Issue #79: When --krb yes and user does not have a TGT and authenticates via PAM, no redirect back to SP happens - ipsilon

ipsilon

#79 When --krb yes and user does not have a TGT and authenticates via PAM, no redirect back to SP happens

Closed: Duplicate None Opened 9 years ago by adelton.

When Ipsilon server is configured both with PAM and Kerberos login managers, no redirect back to the service provider happens if the user does not have a Kerberos ticket and just logs in via PAM (logon form).

The sequence of HTTP requests is:

GET /idp/saml2/SSO/Redirect?SAMLRequest=... 303
GET /idp/login?ipsilon_transaction_id=079... 303
GET /idp/login/krb/negotiate?ipsilon_transaction_id=079... 401

at which point the logon form is presented, and upon entering correct login and password

POST /idp/login/pam 303
GET /idp/ 200

I'd expect redirect back to SP to happen.

This is with ipsilon-tools-0.4.0-1.fc21.noarch.

nkinder commented 9 years ago

This is a duplicate of ticket #74.

design_link: =>
resolution: => duplicate
status: new => closed

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Major

Milestone

None

rhbz

None

design_link

None

type

defect

component

version

None

sensitive

patch_available

ipsilon

Source Code

#79 When --krb yes and user does not have a TGT and authenticates via PAM, no redirect back to SP happens Closed: Duplicate None Opened 9 years ago by adelton.

Metadata

#79 When --krb yes and user does not have a TGT and authenticates via PAM, no redirect back to SP happens

Closed: Duplicate None Opened 9 years ago by adelton.