Auto-approve for repeat logins doesn't return sreg data
Bug #808841 reported by Stuart Metcalfe
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical SSO provider | Fix Released | High | Ricardo Kirkner | |
Bug Description
When testing functionality on bug #121533 I ran into an issue. To reproduce:
1. Select 'sreg' (and default options) in the test consumer.
2. Choose the fields you want to return and continue back to the consumer.
3. Quickly repeat step 1
4. Note that "The server returned no Simple Registration data."
This is because our server code currently auto-approves logins to sites you've already logged in to in the current session within a defined period. The code which does this isn't aware of the new user-controlled sreg data. This affects untrusted consumers. I haven't checked with trusted consumers but that functionality hasn't changed.
description: | updated |
tags: | added: kb-defect sp-1 |
Changed in canonical-identity-provider: | |
assignee: | nobody → Ricardo Kirkner (ricardokirkner) |
status: | Confirmed → In Progress |
Changed in canonical-identity-provider: | |
status: | In Progress → Fix Committed |
Changed in canonical-identity-provider: | |
milestone: | none → 11.08.03 |
Changed in canonical-identity-provider: | |
status: | Fix Committed → Fix Released |
Passes on vps
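
The failure mode in the bug description above, modelled as an added example; this is not Canonical SSO code, and it shows one possible approach rather than the fix that was released. All names (`ApprovalStore`, `login_buggy`, `login_fixed`), the 120-second window and the sample data are assumptions. The corrected path replays the user's earlier field selection and never releases a field the user did not choose.

```python
# Added illustration; a hypothetical model, not Canonical SSO code.
AUTO_APPROVE_WINDOW = 120  # seconds (constructed value)
PROFILE = {"nickname": "alice", "email": "alice@example.com", "fullname": "Alice A"}  # constructed
RP = "http://consumer.example/"  # constructed trust root


class ApprovalStore:
    """Per (user, trust_root): time of last approval and the sreg fields chosen."""
    def __init__(self):
        self._seen = {}

    def record(self, user, trust_root, fields, now):
        self._seen[(user, trust_root)] = (now, frozenset(fields))

    def recent_fields(self, user, trust_root, now):
        """Fields approved within the window, or None if the user must be asked."""
        entry = self._seen.get((user, trust_root))
        if entry is None or now - entry[0] > AUTO_APPROVE_WINDOW:
            return None
        return entry[1]


def login_buggy(store, user, profile, trust_root, requested, now):
    """Auto-approve path that ignores the user's stored field selection."""
    if store.recent_fields(user, trust_root, now) is None:
        return {"prompt": True, "sreg": None}
    return {"prompt": False, "sreg": {}}  # consumer sees no sreg data


def login_fixed(store, user, profile, trust_root, requested, now):
    """Auto-approve path that releases only fields requested now AND approved earlier."""
    approved = store.recent_fields(user, trust_root, now)
    if approved is None:
        return {"prompt": True, "sreg": None}
    sreg = {f: profile[f] for f in requested if f in approved and f in profile}
    return {"prompt": False, "sreg": sreg}


def demo():
    store = ApprovalStore()
    store.record("alice", RP, ["nickname", "email"], now=1000)  # first login
    repeat = ["nickname", "email", "fullname"]                  # repeat asks for more
    return (login_buggy(store, "alice", PROFILE, RP, repeat, now=1010),
            login_fixed(store, "alice", PROFILE, RP, repeat, now=1010),
            login_fixed(store, "alice", PROFILE, RP, repeat, now=2000))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```
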