two factor auth behaviour on /+decide reversed

Bug #930215 reported by Simon Davy
This bug affects 1 person
Affects: Canonical SSO provider
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

When a user is set to require 2f but is only logged in, not 2f'd, and they go to a decide page, they get the decide page first and are then asked to two-factor auth. It should probably be the other way round: they don't even see the decide page till they've 2f'd.

Not critical, as users are unlikely to encounter this flow at all.

Tags: twofactor
Simon Davy (bloodearnest) wrote :

This may actually be more common than initially thought. If the 2f auth in the session times out before the login cookie times out, they'll see this flow.

Changed in canonical-identity-provider:
milestone: 2-factor-internal-rollout → 2-factor-post-rollout
Changed in canonical-identity-provider:
milestone: 2-factor-post-rollout → none
tags: added: twofactor
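
The ordering this report asks for, next to the ordering it describes, as an added sketch that is not Canonical SSO's code. The session fields, the two lifetime values and the returned step names are assumptions made for illustration; the sample session is constructed to match the timeout case from the comment above.

```python
from dataclasses import dataclass
from typing import Optional

TWOFACTOR_TTL = 2 * 3600   # assumed 2f freshness window, in seconds
LOGIN_TTL = 24 * 3600      # assumed login cookie lifetime, in seconds


@dataclass
class Session:
    user_requires_2f: bool
    login_at: Optional[float] = None       # time of password login
    twofactor_at: Optional[float] = None   # time of last 2f verification


def logged_in(s: Session, now: float) -> bool:
    return s.login_at is not None and now - s.login_at < LOGIN_TTL


def twofactor_fresh(s: Session, now: float) -> bool:
    return s.twofactor_at is not None and now - s.twofactor_at < TWOFACTOR_TTL


def decide_reported(s: Session, now: float, submitted: bool = False) -> str:
    """Ordering described in the report: decide page first, 2f afterwards."""
    if not logged_in(s, now):
        return "login"
    if not submitted:
        return "decide"                    # rendered before any 2f check
    if s.user_requires_2f and not twofactor_fresh(s, now):
        return "twofactor"
    return "respond"


def decide_guarded(s: Session, now: float, submitted: bool = False) -> str:
    """Requested ordering: 2f is enforced before the decide page renders."""
    if not logged_in(s, now):
        return "login"
    if s.user_requires_2f and not twofactor_fresh(s, now):
        return "twofactor"                 # hypothetical step name
    return "respond" if submitted else "decide"


def expired_2f_session() -> tuple:
    """Constructed case: 2f verified 3h ago, login cookie still valid."""
    return Session(user_requires_2f=True, login_at=0.0, twofactor_at=0.0), 3 * 3600.0
```

Because the guard checks freshness on every request rather than only at login, it also covers the case where the 2f verification expires while the login cookie is still valid.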