Bug #7614

Updated by Benjamin Dauvergne almost 9 years ago

When the login page gets a nonce parameter and authentication succeeds, it passes this nonce to the next URL so that, for example, an IdP can find the state linked to the received authentication request or check that an authentication event linked to a received request really happened (this is needed for SAML if the forceAuthn flag is set, or with CAS if the renew parameter is used).

If we want registration or password not to block the authentication flow, they must authenticate the user when their work is finished (done) and redirect to the next URL view. Currently they do redirect, but the nonce parameter is missing. To help them, IdPs should suffix the nonce parameter themselves. In the end we can even remove the nonce adding from the login view, so that IdPs can even name this parameter however they want.
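
A sketch of the approach proposed above, added here as an illustration and not the project's own code: the IdP suffixes the nonce to its own next URL, and on return checks that an authentication event carrying that nonce was recorded after the request was issued. The function names, the in-memory event store and the sample URL are hypothetical.

```python
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical store: nonce -> timestamp of the authentication event.
AUTH_EVENTS = {}


def new_nonce():
    """Unguessable value tying an authentication request to its event."""
    return secrets.token_urlsafe(16)


def suffix_nonce(next_url, nonce, param="nonce"):
    """Return next_url carrying exactly one param=nonce pair.

    Other query parameters and the fragment are preserved; a stale value
    of `param` is replaced rather than duplicated.
    """
    parts = urlsplit(next_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != param]
    query.append((param, nonce))
    return urlunsplit(parts._replace(query=urlencode(query)))


def record_authentication(nonce, when=None):
    """Called by login, registration or password views once the user is authenticated."""
    AUTH_EVENTS[nonce] = time.time() if when is None else when


def fresh_authentication_happened(return_url, issued_nonce, request_time,
                                  param="nonce"):
    """IdP-side check when the browser comes back to the next URL.

    True only if the nonce came back, matches the one issued, and an
    authentication event for it was recorded at or after request_time
    (the forceAuthn / renew case).
    """
    returned = dict(parse_qsl(urlsplit(return_url).query)).get(param)
    if returned is None:
        return False  # the situation in this ticket: redirect without nonce
    if not secrets.compare_digest(returned.encode(), issued_nonce.encode()):
        return False
    event_time = AUTH_EVENTS.get(issued_nonce)
    return event_time is not None and event_time >= request_time
```

Because the IdP builds the next URL itself, the parameter name passed as `param` is its own choice and the login view does not need to know it.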
