Canonical SSO provider

AX attributes not returned to trusted, auto-approve RP

Bug #1167645 reported by James Tait
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
Fix Released
Undecided
James Tait

Bug Description

Where the RP is trusted in SSO and configured to auto-authorise, the AX attributes don't get passed back to the RP.

See original description
Tags: u1-notrack

Related branches

lp:~jamestait/canonical-identity-provider/lp1167645
Ricardo Kirkner (community): Approve
Diff: 158 lines (+59/-14)
4 files modified
identityprovider/forms.py (+11/-12)
identityprovider/tests/test_forms.py (+21/-2)
identityprovider/tests/test_views_server.py (+25/-0)
identityprovider/views/server.py (+2/-0)
James Tait (jamestait)
description: updated
description: updated
James Tait (jamestait)
description: updated
Revision history for this message
James Tait (jamestait) wrote :

It looks like there's a missing _add_ax (or two) in _handle_user_response, when called from _process_openid_request and the RP is trusted and the request is immediate, or when the user is already authenticated with SSO.

Revision history for this message
James Tait (jamestait) wrote :

I managed to get a failing test for this problem and apply a fix for that - the missing _add_ax calls solved the problem and tests passed. But in combination with the LP teams extension, the redirect URL is too long, so the default mechanism for handling this kicks in and an auto-submitting form is supposed to be returned.

Unfortunately, what I'm seeing in the browser is the form HTML rendered as a plain text document - the AX attributes are present, but the content type is wrong and the response is not a complete HTML document with the auto-submit Javascript. I have a failing test for this as well, but no fix yet.

James Tait (jamestait)
summary: - AX attributes not returned to trusted, auto-approve RP with previously-
- authed SReg data
+ AX attributes not returned to trusted, auto-approve RP
James Tait (jamestait)
Changed in canonical-identity-provider:
status: New → In Progress
Ubuntu One Auto Pilot (otto-pilot)
Changed in canonical-identity-provider:
status: In Progress → Fix Committed
Dave Morley (davmor2)
tags: added: u1-notrack
James Tait (jamestait)
Changed in canonical-identity-provider:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.