Bug 57563 - Portal autorefresh leads to visual logout while the session is being refreshed when using SAML
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Portal
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-9-errata
Assignee: Iván.Delgado
QA Contact: Julia Bremer
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-04 15:21 CEST by Jan-Luca Kiok
Modified: 2025-03-21 14:16 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 4: Will affect most installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.457
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2024090421000099, 2024091021000167
Bug group (optional): Regression, SAML
Customer ID:
Max CVSS v3 score:


Description Jan-Luca Kiok univentionstaff 2024-09-04 15:21:17 CEST
With Bug #57467 we introduced an automatic refresh of browser tabs when the current user is logged out.
Used together with SAML this has the following unintentional side effect:

After 5 minutes of actively using the UMC and clicking upon a module to open, the tab is being refreshed, redirecting to the portal page, seemingly signed out. Clicking on sign in restores the user's session without entering credentials.

What happens is that the UMC session generally does expire after 5 min, leading to the logout. This was the case before the erratum too. But, in the background, the UMC does a "passiveLogin", so a new session is fetched. So, technically, you are not still logged in, but logged in again. And this is why the erratum has worsened the user experience here, since before you did not notice the passive login, but now the refresh happens at the "wrong" time.

Or, simply put: Before you did not notice the refresh, now your tab reloads and you are presented with an unauthorized view while in the background the session persists.
Comment 2 Julia Bremer univentionstaff 2024-09-10 15:18:53 CEST
We deactivated the portal refresh by default until this issue is fixed. Released with
https://errata.software-univention.de/#/?erratum=5.0x1117
Comment 3 Iván.Delgado univentionstaff 2024-10-02 09:47:09 CEST
The event that triggers the auto refresh is no longer sent when the UMC session expires due to time, but it is still triggered when a logout is performed.
Comment #2: we don't revert this change.

---------5.0-9---------

univention-management-console.yaml
b476ce7efee6 | Bug #57563: yaml

univention-management-console (12.0.35-3)
97c8d5255ce3 | Bug #57563: fix(management-console): Do not reload the browser if UMC session is autodeleted after umc session expiry

Successful build
Package: univention-management-console
Version: 12.0.35-3
Branch: 5.0-0
Scope: errata5.0-9

----------5.1----------

univention-management-console (13.0.25)
22dfdc051411 | Bug #57563: fix(management-console): Do not reload the browser if UMC session is autodeleted after umc session expiry

Successful build
Package: univention-management-console
Version: 13.0.25
Branch: 5.1-0

----------5.2----------

univention-management-console (14.0.34)
1837dff67643 | Bug #57563: fix(management-console): Do not reload the browser if UMC session is autodeleted after umc session expiry

Successful build
Package: univention-management-console
Version: 14.0.34
Branch: 5.2-0
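A minimal model of the behaviour described in comment 3, added here as an illustration and not taken from the bug thread or the univention-management-console commits: open tabs are told to reload only on an explicit logout, not when a session is auto-deleted at expiry. `SessionStore`, `EndReason`, `simulate` and the `notify_on_expiry` switch are hypothetical names; the 300-second lifetime is the 5 minutes from the description.

```python
import enum

class EndReason(enum.Enum):
    EXPIRED = "expired"  # lifetime reached, session auto-deleted
    LOGOUT = "logout"    # user explicitly signed out

class SessionStore:
    """Toy session store; all names are hypothetical, not UMC's code."""

    def __init__(self, lifetime=300, notify_on_expiry=False):
        self.lifetime = lifetime                  # 5 minutes, as in the report
        self.notify_on_expiry = notify_on_expiry  # True models the pre-fix behaviour
        self.created = {}                         # session id -> creation time (s)
        self.listeners = []                       # callbacks standing in for open tabs

    def login(self, sid, now):
        self.created[sid] = now

    def is_valid(self, sid, now):
        self.sweep(now)
        return sid in self.created

    def logout(self, sid):
        self._end(sid, EndReason.LOGOUT)

    def sweep(self, now):
        """Auto-delete sessions whose lifetime has elapsed."""
        for sid, start in list(self.created.items()):
            if now - start >= self.lifetime:
                self._end(sid, EndReason.EXPIRED)

    def _end(self, sid, reason):
        if self.created.pop(sid, None) is None:
            return  # already gone, nothing to announce
        # Tabs are told to reload for explicit logouts only, unless the
        # pre-fix behaviour is being modelled.
        if reason is EndReason.LOGOUT or self.notify_on_expiry:
            for notify in self.listeners:
                notify(sid, reason)

def simulate(notify_on_expiry):
    """Return the end reasons for which a portal tab was told to reload."""
    reloads = []
    store = SessionStore(notify_on_expiry=notify_on_expiry)
    store.listeners.append(lambda sid, reason: reloads.append(reason))
    store.login("s1", now=0)
    if not store.is_valid("s1", now=301):  # expired mid-use
        store.login("s2", now=301)         # stands in for the passive login
    store.logout("s2")                     # explicit sign-out
    return reloads
```

With `notify_on_expiry=True` the tab reloads at the moment of expiry, before the replacement session exists, which is the "visual logout" from the description; with the default it reloads only for the explicit sign-out.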
Comment 4 Julia Bremer univentionstaff 2024-10-06 20:07:42 CEST
OK: Refresh does not happen on session expiry
OK: SAML Keycloak
OK: SAML SimpleSAMLphp
OK: Basic
OK: OIDC
OK: Jenkins

Verified
Comment 5 Iván.Delgado univentionstaff 2024-10-07 14:53:22 CEST
<https://errata.software-univention.de/#/?erratum=5.0x1131>