Comment 2 for bug 614804

Lorenzo Gil Sanchez (lgs) wrote : Re: [Bug 614804] [NEW] SSO doesn't work when initiated from another SP

2010/8/8 Roland Hedberg <email address hidden>:
> On 8/7/10 20:18, Lorenzo Gil Sanchez wrote:
>> Public bug reported:
>>
>> This is a bug in djangosaml2 at the moment.
>>
>> If you start the login process from Django and then go to a
>> simpleSAMLphp based SP and start the login everything works as expected
>> and the second login is automatic, e.g., no credentials are requested from
>> the user.
>>
>> But if you do it the other way around (start the login from
>> simpleSAMLphp and then go to Django) the credentials are requested again
>> and the session is not shared between both SPs. You have to log out
>> twice in this case.
>>
> I'm not sure I regard this as a bug in djangosaml2.
>
> At the same time I don't really understand why it happens, due to lack
> of information.
> I guess that the credentials produced when you first log in to
> simpleSAMLphp for some reason are regarded as unsuitable to send to Django.
> It's a decision made by simpleSAMLphp and I have no insight into its
> inner workings.
>

Actually you are right. I investigated this further today and I
realized it was neither a pysaml2 nor a simpleSAMLphp bug, it was a bug in
my brain :-)

I was logging in to simpleSAMLphp using an authentication mechanism
different from the one used when simpleSAMLphp is acting as an IdP and
hence there were two sessions involved.

Sorry for the noise. This bug is invalid.