
LG-12070: Maintain incoming request for concurrent session logout #10040

Merged: aduth merged 2 commits into main from aduth-lg-12070-concurrent-session-incoming-request on Feb 7, 2024


@aduth commented Feb 6, 2024

🎫 Ticket

LG-12070

Related issue: #9407

🛠 Summary of changes

Updates OIDC and SAML controllers to set redirect URL ahead of concurrent session logout, to repeat the authentication request as redirect destination for the logout. This resolves an issue where authentication request details would otherwise be lost during the concurrent session logout.

The solution here is essentially the same as in LG-11777 (#9842), except applied to the authentication endpoints in addition to the logout endpoints handled there.

📜 Testing Plan

Prerequisite: Have both OIDC and SAML sample applications running separate from the IdP

  1. Start at http://localhost:9292 (OIDC) or http://localhost:4567 (SAML)
  2. Click "Sign in"
  3. Complete sign in until returned to sample application
  4. In a different browser or private browsing window, repeat Steps 1-3, using the same sample application
  5. In your original browser, repeat Steps 1-2, using the other of the two links
  6. Note that "X is using Login.gov..." text reflects the name of the sample application you came from in Step 5
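The behaviour described in the summary, as an added sketch that is not code from this pull request or from the IdP code base: a session that has been superseded is logged out, and the redirect destination decides whether the service provider's authentication request survives. The names `AuthorizationEndpoint`, `Response`, `SAMPLE_REQUEST`, `sp_after_forced_logout`, the URL and the `client_id` value are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical model; class, method and URL names are illustrative only.
Response = Struct.new(:redirect_to, :session)

# Constructed sample OIDC authentication request from a service provider.
SAMPLE_REQUEST =
  "http://idp.example/openid_connect/authorize?client_id=sample_app&state=abc"

class AuthorizationEndpoint
  def initialize(preserve_request:)
    @preserve_request = preserve_request
  end

  # session: Hash for this browser; active_session_id: the user's newest session.
  def call(request_url, session, active_session_id)
    if session[:user_id] && session[:id] != active_session_id
      # Concurrent session limit: this session was superseded, so log it out.
      # With the fix, the incoming request itself is the logout destination.
      destination = @preserve_request ? request_url : "/"
      return Response.new(destination, {})
    end
    # Fresh session: record which service provider the user came from.
    params = URI.decode_www_form(URI(request_url).query.to_s).to_h
    Response.new("/sign_in", session.merge(sp: params["client_id"]))
  end
end

# Returns the service provider remembered once the browser reaches sign-in.
def sp_after_forced_logout(preserve_request:)
  endpoint = AuthorizationEndpoint.new(preserve_request: preserve_request)
  stale = { id: "s1", user_id: 42 } # constructed: superseded by session "s2"
  response = endpoint.call(SAMPLE_REQUEST, stale, "s2")
  if response.redirect_to == SAMPLE_REQUEST
    # The browser follows the redirect and repeats the authentication request.
    response = endpoint.call(SAMPLE_REQUEST, response.session, "s2")
  end
  response.session[:sp]
end

if __FILE__ == $PROGRAM_NAME
  puts "with fix:    #{sp_after_forced_logout(preserve_request: true).inspect}"
  puts "without fix: #{sp_after_forced_logout(preserve_request: false).inspect}"
end
```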

Review comment from the Contributor Author:

This link_identity code wasn't strictly necessary so was removed to avoid excessive duplication in the new, similar test cases being added.

@aduth requested a review from a team February 6, 2024 14:34
aduth added 2 commits February 7, 2024 10:13
changelog: Bug Fixes, Concurrent Session, Maintain authentication request when enforcing concurrent session limit
@aduth force-pushed the aduth-lg-12070-concurrent-session-incoming-request branch from 9ab88cb to 5be7d4f February 7, 2024 15:14
@aduth merged commit 1aa6a1b into main Feb 7, 2024
@aduth deleted the aduth-lg-12070-concurrent-session-incoming-request branch February 7, 2024 18:31
@mitchellhenke mentioned this pull request Feb 8, 2024