Bug 55200 – User is not logged into Portal if a Single Sign-On session exists

Bug 55200 - User is not logged into Portal if a Single Sign-On session exists


Summary:	User is not logged into Portal if a Single Sign-On session exists

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Portal
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:	53146
Blocks:
	Show dependency tree / graph

Reported:	2022-09-13 16:44 CEST by Nico Stöckigt
Modified:	2022-09-14 14:11 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022091321000227
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nico Stöckigt

2022-09-13 16:44:39 CEST

+++ This bug was initially created as a clone of Bug #53146 +++

When being logged in via SSO (SAML), it should be possible to switch to a different Portal / UMC and already be logged in on the other server. This does not work in UCS 5. Is bug 52722 related/relevant?

Setup: DC primary + DC backup, both portals configured for SSO (ucr set portal/auth-mode=saml). Log into one server via SSO, then switch to the other server. None of these options work:
* click server overview, select other server
* manually type other fqdn into browser

I would at least expect that clicking on the side menu login button would recognize the session, but one has to login again on the other server. In my test i made sure that only the primary DC is the IdP, this is no issue of SSO session replication between servers.

Comment 1 Nico Stöckigt

2022-09-13 16:54:21 CEST

When opening a Service directly the Service-Login redirects one to the Portal SAML-Login. After Login you are returned to the Service.
When you now go to the Portal (same Tab) you aren't logged in. When you click on Login you mustn't enter any credentials.

The unnecessary extra click should be omitted by detecting the existing SAMl-Session and using it.

Comment 2 Erik Damrose

2022-09-13 19:08:05 CEST

The UCS 4 portal supported the feature that is requested here.