Auto-approve for repeat logins doesn't return sreg data
Bug #808841 reported by
Stuart Metcalfe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Fix Released
|
High
|
Ricardo Kirkner | ||
Bug Description
When testing functionality on bug #121533 I ran into an issue. To reproduce:
1. Select 'sreg' (and default options) in the test consumer.
2. Choose the fields you want to return and continue back to the consumer.
3. Quickly repeat step 1
4. Note that "The server returned no Simple Registration data."
This is because our server code currently auto-approves logins to sites you've already logged in to in the current session within a defined period. The code which does this isn't aware of the new user-controlled sreg data. This affects untrusted consumers. I haven't checked with trusted consumers but that functionality hasn't changed.
| description: | updated |
| tags: | added: kb-defect sp-1 |
| Changed in canonical-identity-provider: | |
| assignee: | nobody → Ricardo Kirkner (ricardokirkner) |
| status: | Confirmed → In Progress |
| Changed in canonical-identity-provider: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Dave Morley (davmor2) wrote | #1 |
| Changed in canonical-identity-provider: | |
| milestone: | none → 11.08.03 |
| Changed in canonical-identity-provider: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Passes on vps