Canonical SSO provider

After signing in incorrectly, signing in correctly goes to the wrong place

Bug #1257303 reported by Ratnadeep Bhattacharjee on 2013-12-03

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical SSO provider	New	Undecided	Unassigned

Bug Description

If while connecting to my Canonical Gmail account I enter the wrong password on login.ubuntu.com and then enter the correct password I am not redirected back to GMail. I have to type gmail.com on the URL bar, enter my canonical userid and hit enter...login.ununtu.com should be able to remember the redirect URL even during failed login attempts.

Similar to bug 1083145, about the diversion to setting up a backup device.

See original description

Matthew Paul Thomas (mpt) on 2014-05-29

description:	updated
summary:	- Identity provider should remember redirect URL + After signing in incorrectly, signing in correctly goes to the wrong + place

Michał Sawicz (saviq) on 2015-04-13

Changed in canonical-identity-provider:
status:	New → Confirmed

Revision history for this message

Colin Watson (cjwatson) wrote on 2017-02-26:

In the process of working on some other related bugs, I tried to reproduce this (admittedly with a different OpenID consumer, since I don't use the Canonical Gmail service) but found that it all seemed to work: the first form was /:token/+decide (where :token was the OpenID request token assigned by SSO to identify the exchange); entering an incorrect password there sent me to /:token/+login; and entering a correct password there eventually sent me back to the originating site.

I think that this bug has probably been fixed along the way, although I've been unable to identify a relevant code change that happened after it was filed. Please could anyone who experienced this bug in the past check whether you still see it? (Note that for these purposes I'm only interested in problems with this specific flow; I know that there are other ways you can end up having the OpenID request token forgotten along the way, and I have a merge proposal up that fixes quite a number of these.)

Changed in canonical-identity-provider:
status:	Confirmed → Incomplete

Revision history for this message

Michał Sawicz (saviq) wrote on 2017-02-27:

I just confirmed this with logging into google:

1) log out from https://login.ubuntu.com/
2) log out from google
3) go to https://accounts.google.com/
4) select the LP-backed account
5) provide a wrong password
6) provide the correct password
7) provide 2fa key
8) (BUG) you're left on https://login.ubuntu.com/ instead of being redirected back to google