SSO doesn't work when initiated from another SP
Bug #614804 reported by Lorenzo Gil Sanchez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pySAML2 | Invalid | Undecided | Lorenzo Gil Sanchez |
Bug Description
This is a bug in djangosaml2 at the moment.
If you start the login process from Django and then go to a simpleSAMLphp based SP and start the login everything works as expected and the second login is automatic, e.g., no credentials are requested from the user.
But if you do it the other way around (start the login from simpleSAMLphp and then go to Django) the credentials are requested again and the session is not shared between both SPs. You have to log out twice in this case.
Changed in pysaml2:
status: New → Confirmed
assignee: nobody → Lorenzo Gil Sanchez (lgs)
Changed in pysaml2:
status: Confirmed → Invalid
On 8/7/10 20:18, Lorenzo Gil Sanchez wrote:
> Public bug reported:
>
> This is a bug in djangosaml2 at the moment.
>
> If you start the login process from Django and then go to a
> simpleSAMLphp based SP and start the login everything works as expected
> and the second login is automatic, e.g., no credentials are requested from
> the user.
>
> But if you do it the other way around (start the login from
> simpleSAMLphp and then go to Django) the credentials are requested again
> and the session is not shared between both SPs. You have to log out
> twice in this case.
>
I'm not sure I regard this as a bug in djangosaml2.
At the same time I don't really understand why it happens, due to lack
of information.
I guess that the credentials produced when you first log in to
simpleSAMLphp for some reason are regarded as unsuitable to send to Django.
It's a decision made by simpleSAMLphp and I have no insight into its
inner workings.
-- Roland