Bug #7388
blank page /idp/saml2/continue
100%
Description
After an account has been created we get redirected to that URL that shows a blank page. (this happened to Pierre on imio.entrouvert.org, but I think I also got it on maarch.dev.entrouvert.org).
Files
Associated revisions
History
Updated by Benjamin Dauvergne over 7 years ago
- Assignee set to Serghei Mihai
- Target version set to 2.2.0
Updated by Serghei Mihai over 7 years ago
The nonce parameter is lost during the registration process.
I see two variants:
- try to preserve the nonce in the registration token which by consequence will be much longer * ignore the missing nonce and redirect user to homepage
Updated by Thomas Noël over 7 years ago
Serghei Mihai a écrit :
- ignore the missing nonce and redirect user to homepage
I think we should try to redirect the user to the first site. Can we store the nounce in a cookie, for 3 ou 4 hours ? On redirect, use the cookie-nounce if it's here (tipical use case: the user registers and validates his account in the same session of the same browser, in less than 30 min). If the nounce is not here, redirect to 'account_management'. Best effort...
(I don't know about security issues with this process)
Updated by Benjamin Dauvergne over 7 years ago
- File 0001-auth_frontends-build-next-URL-passed-to-registration.patch 0001-auth_frontends-build-next-URL-passed-to-registration.patch added
- Assignee changed from Serghei Mihai to Benjamin Dauvergne
Just dont loose it.
Updated by Benjamin Dauvergne over 7 years ago
- Status changed from Nouveau to Résolu (à déployer)
- % Done changed from 0 to 100
Appliqué par commit authentic2|e941b39af7343169e3d9897d64385c4d7e4cc473.
Updated by Benjamin Dauvergne almost 7 years ago
- Status changed from Résolu (à déployer) to Solution déployée
auth_frontends: build next URL passed to registration by adding the nonce
fixes #7388