development icon indicating copy to clipboard operation
development copied to clipboard
verified publisher icon servicecatalog

Non-existing tenantID in URL prevents access with existing tenantID

Open StavrevaS opened this issue 9 years ago • 3 comments

[How to reproduce]

  1. Platform operator registers a tenant (e.g tenantID="ad43fe78"); The administration portal URL for this tenant will be http://:/oscm-portal/?tenantID=ad43fe78;
  2. The user tries to acess the URL, but types a wrong tenantID e.g http://:/oscm-portal/?tenantID=ad43fe79. Tenant with id ad43fe79 does not exist on the platform.

[Expected] Error message for non-existing tenant. When the user corrects the tenantID, he should be able to login in the tenant-specific IDP.

[Observed] Error message for non-existing tenant, even after the user corrects the tenantID. Onyl after deleting the browser cookies, the user is able to login to the tenant-specific IDP.

Probably the wrong tenantID is saved in the session, and not updated with the correct one.

StavrevaS avatar Oct 21 '16 10:10 StavrevaS

Tested on Windows Server 2016, jdk1.8u131, build BES_MASTER_BUILD_NO_TESTS-24 2017/07/31 in SAML mode. It works as expected.

kwodzynski avatar Jul 31 '17 11:07 kwodzynski

[Build] 17.3 tested with IE. This was a duplicate of issue #417 but it is not fixed.

  1. Log-in with default tenant (OpenAM) including tenantID (OK)
  2. Log-in with ADFS tenant including tenantID

[Expected] ADFS login page is shown [Observed] OpenAm login page is shown

Also, the original problem as described is also not fixed (enter incorrect tenantID first and then correct tenantID

ghost avatar Jul 31 '17 12:07 ghost

I have tested this issue on the build has been created from hotfix/issue392 branch. It was not merge to master, so the official 17.3.0 release does not include that commit.

kwodzynski avatar Jul 31 '17 13:07 kwodzynski