Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-9624

Authentication is faulty on domain based farm when cookiedomains is set to the exact domain of the main wiki

    Details

    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      The usecase is a domain based farm with global users, where users want to be automatically authenticated on the whole farm when they authenticate on one of the wikis of the farm.
      Setup a domain based multiwiki, where the main wiki is accessible at, say, localhost.localdomain. In xwiki.cfg, set xwiki.authentication.cookiedomains=localhost.localdomain . Subwikis addresses are subdmains of localhost.localdomain.
      First issue:

      1. login with a global user on the main wiki
      2. go on a subwiki, you won't be authenticated. This issue is different from XWIKI-9622 in that no matter how many times you refresh, you'll never get authenticated on the subwiki.

      However, if one first logs in on a subwiki and then navigates to the main wiki, they are properly authenticated on the main wiki/other subwikis.

      Second issue:

      1. login with a global user on a subwiki
      2. go on the main wiki, you'll be authenticated
      3. click the logout button. Page will be reloaded without the user being logged out (logout button doesn't do anything)
      4. go on the subwiki where you authenticated or on another subwiki, click logout, it will work.

        Attachments

          Activity

            People

            • Assignee:
              softec Denis Gervalle
              Reporter:
              lucaa Anca Luca
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: