Problem with authentication in JRS with enabled Kerberos/SPNEGO SSO
Hello,
I have identified the following problem while testing SSO in our CLM 6.0.5 installation. Steps to reproduce the problem are:
Can somebody explain this behaviour? Does JRS use some different/additional cookies for authentication than the other applications, ...?
Could some other applications be affected in the same way?
Accepted answer
Ralph Schoon (63.5k●3●36●46)
answered Nov 01 '18, 6:58 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER edited Nov 01 '18, 6:59 a.m.
For 7. Here it is visible that still user "A" is logged in rs.
For all I know, if you refresh the page showing User A is logged in, it should show User B.
I don't think it is supported to be logged in as different users in the same browser, and this is also behavior that is unrelated to SPNEGO/Kerberos. I see the same e.g. in demos - which is why I use different browsers for each user. This is all related to the same cookies and session ID headers being used in browsers. Another trick seems to be using "private sessions". I have not looked into this too deeply though.
Marko Tomljenovic selected this answer as the correct answer
Comments
Marko Tomljenovic
commented Nov 05 '18, 3:49 p.m.
Hi Ralph,
You are right that this is independent of SPNEGO/Kerberos.
You are also right that it is not supported, otherwise I wouldn't ask ;). And it is most likely also not an urgent or important feature but technically it should not be any problem that every login simply overwrites the cookies so that the correct user is identified, isn't it?
I will not create an enhancement request for this due to the relatively low importance of this feature for our end users AND we have a less efficient but still easy workaround for it.
Thank you
One other answer
Comments
I did some more testing. Actually it does not seem to work for all applications that are using delegated authentication (all except RTC, RQM and JTS).