Can't use SSO connexion after deconnexion
Closed this issue · 4 comments
Thank's a lot for this plugin. It's what i'was looking for, but i ve got problem to use it.
I can log to redmine via an http_header, but when i use the deconnexion button on the top menu bar, then i need to delete the cookie in order to use SSO connexion again.
Is it typical from my configuration ? or is there a way to avoid to delete cookie in order to connect again via SSO ?
Thanks in advance for your help.
Hello.
So, its normal. Plugin store that was logout and dont use ldap authentication again. But if you close window of browser and open again sso will return.
Reason: if you click logout, then you need something to do - for example login via somebody else (our admins use that very often). Thats why plugin does not relogin you. If plugin does, than logout will be impossible (click logout - plugin makes login... again again again...).
Hi,
Thanks for your answer, i 've got a better comprehension of the plugin. In our case we put the specific http header only when we wan't to connect to redmine, the other request don't have the header. And so, after a logout i was surprised that i can't use sso again. Effectively, after closing the browser, the sso works. May be it will be sufficent for our client ... But could you tell me where does the plugin store that i was logout.
Thanks
I see. I guess that helps you:
in https://github.com/tdvsdv/single_auth/blob/master/lib/single_auth/application_controller_patch.rb
you can comment or delete line 28 (session[:logout_was] = true)
After you would not logout from redmine (after click logout will trigger sso plugin and login user back).
But be ware, maybe you can get some bugs, we dont test sso without this code line.
It's what i was looking for. Thank you.