Project

General

Profile

Actions

Task #3480

open

Redirections to auth.tdf are sometimes lacking the back URL

Added by Eyal Rozenberg almost 4 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Normal
Category:
Single Sign-On
Target version:
-
Start date:
Due date:
% Done:

0%

Tags:

Description

I've noticed that when I log in, I somehow find myself in the password change dialog / page, even though I've only recently changed my password.

Actions #1

Updated by Guilhem Moulin almost 4 years ago

Log in to what? What are the exact steps that land you there? Note that if you visit https://auth.documentfoundation.org (as opposed to being redirected there) you see the password prompt indeed, along with the OAuth2 grants. This is intentional.

Actions #2

Updated by Eyal Rozenberg almost 4 years ago

Log in to what?

To RedMine (hence the bug category). But it's really to everything, via the auth subdomain.

What are the exact steps that land you there? Note that if you visit https://auth.documentfoundation.org (as opposed to being redirected there) you see the password prompt indeed, along with the OAuth2 grants. This is intentional.

Next time this happens I'll try to write down exact reproduction instructions, but basically - if you've logged in, and go back to the window without the login, and reload - you do not (necessarily) appear as logged in, and when clicking the Sign In link, you get to the auth website, to the password changing dialog.

I don't think that dialog should be the thing you see by default, anyways.

Actions #3

Updated by Guilhem Moulin almost 4 years ago

  • Subject changed from Always directed to the password change dialog to Redirections to auth.tdf are sometimes lacking the back URL
  • Category changed from Redmine to Single Sign-On

Eyal Rozenberg wrote:

Log in to what?

To RedMine (hence the bug category). But it's really to everything, via the auth subdomain.

Changing the category then. And the Subject, if that's not reproducible.

Next time this happens I'll try to write down exact reproduction instructions, but basically - if you've logged in, and go back to the window without the login, and reload - you do not (necessarily) appear as logged in, and when clicking the Sign In link, you get to the auth website, to the password changing dialog.

The instructions are unclear to me, but I can't reproduce this. In a new browser session:

Do you have a browser extension that might block the redirect? Is there an error message showing up in your browser console?

I don't think that dialog should be the thing you see by default, anyways.

auth.documentfoundation.org is an authentication platform, nothing more.

Actions #4

Updated by Guilhem Moulin almost 4 years ago

Guilhem Moulin wrote:

The instructions are unclear to me, but I can't reproduce this.

One way to reproduce the missing redirect, is to enter wrong credentials. In a new browser session:

Doesn't seem to be what you're describing though.

Actions

Also available in: Atom PDF