* Roland Haroutiounian <rolan...@gmail.com> [2013-11-26 18:08]:
> I have two applications each using a dedicated service provider. Both
> service providers use the same identity provider.
>
> I log in through the application A. It is successful, and when I get
> inside the application B, the "isAuthenticated" method returns false. It
> returns true only if a "requireAuth" was called before.
isAuthenticated does not mean "authenticated at some IdP somewhere on
the network". It means that there is no session at the service
provider you're at. There won't be one unless you initiate one.
The fact that the subject might already have a session at a different
SP and/or different IdP is immaterial. Each entity has its own
sessions (and timeouts).
But as long as the subject (or rather the subject's HTTP User Agent)
has an active session with the IdP they will experience SSO and be
"logged in" to your SP fronting application B automatically.
> I would like to get the user attributes and not perform a requireAuth
> again, as this page (on the application B) can be accessed anonymously.
Then people can access the page anonymously anyway, no problem. Once
they choose to log in (e.g. when they need more access rights to the
application) they can click "log in", same as with every other web
application out there.
If you want to spare users the hard work of clicking "log in" once they
want to log in, use isPassive, as discussed in the other thread of
yours.
-peter
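An added example, not from either poster, of the approach Peter describes: an anonymously reachable page on application B that checks for an SP session and, if there is none, makes one passive attempt at the IdP so an existing IdP session is picked up without forcing a login. It assumes the SP is SimpleSAMLphp's SimpleSAML_Auth_Simple API with an authentication source named 'default-sp', and uses a query parameter of my own (passive=1) as a one-shot guard against redirect loops.

```php
<?php
// Added example (not from the thread). Assumptions: SimpleSAMLphp SP,
// SimpleSAML_Auth_Simple API, auth source 'default-sp', install path below.
require_once('/var/simplesamlphp/lib/_autoload.php');

$as = new SimpleSAML_Auth_Simple('default-sp');

// One-shot guard: once the passive attempt has come back (either with an
// SP session or via ErrorURL) we must not try again, or we would loop.
$passiveTried = isset($_GET['passive']);

if (!$as->isAuthenticated() && !$passiveTried) {
    // Return to this same page, marking that the passive attempt was made.
    $self = SimpleSAML_Utilities::selfURLNoQuery() . '?passive=1';

    // isPassive asks the IdP not to interact with the user. If the user agent
    // already has an IdP session (e.g. from application A) we get an
    // assertion and an SP session here: that is the SSO Peter describes.
    // If there is no IdP session the IdP answers NoPassive and SimpleSAMLphp
    // sends the browser to ErrorURL instead of showing a login form.
    $as->login(array(
        'isPassive' => true,
        'ReturnTo'  => $self,
        'ErrorURL'  => $self,
    ));
    // login() redirects and does not return.
}

if ($as->isAuthenticated()) {
    // Attributes are only available once this SP has its own session.
    $attributes = $as->getAttributes();
    $name = isset($attributes['displayName'][0])
        ? $attributes['displayName'][0] : 'user';
    echo 'Logged in as ' . htmlspecialchars($name)
        . ' (<a href="' . htmlspecialchars($as->getLogoutURL()) . '">log out</a>)';
} else {
    // Anonymous view: no IdP session was found, so offer an explicit login.
    echo 'Browsing anonymously. <a href="'
        . htmlspecialchars($as->getLoginURL()) . '">log in</a>';
}
```

The passive attempt costs one redirect round trip per anonymous visitor who has no IdP session, so it is worth caching the outcome (here, the passive=1 marker; in practice a cookie or PHP session flag) rather than repeating it on every request.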