[ELY-2589] Make sure the delegate#setAuthorized call happens before the super#setAuthorized call for SSO to ensure the session cache has the correct information after a session ID change #2094

Merged: 1 commit, Feb 14, 2024

@fjuma fjuma commented Feb 8, 2024

https://issues.redhat.com/browse/ELY-2589
https://issues.redhat.com/browse/JBEAP-25796

Description of the fix

The changes for ELY-1945 ensure that if we are associating an identity with the session for the first time then we need to change the ID of the session.

However, when the ID of the session is changed, the SSO session cache doesn't get updated accordingly. This means that the corresponding logout handling for the session won't get registered.

This PR changes the order in which setAuthorized gets called in CachedIdentityAuthorizationCallback#setAuthorized to ensure that the entry that gets added to the SSO session cache has the correct session ID.

More details about this fix can be found here.

Tests

Note that a new test case for this fix has been added to the Elytron Web test suite, see wildfly-security/elytron-web#245.
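
The ordering problem described above, reduced to a toy model. This is an added example, not code from this PR or from Elytron: every class and method name is hypothetical, and it assumes the delegate step is where the session ID changes and the super step is where the SSO cache entry is written, with the missing logout handling modelled as a single logout that cannot find the session.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Toy model, not Elytron code: all names below are hypothetical.
public class SsoOrderingDemo {
    // Stand-in for an HTTP session whose ID is rotated on first authentication.
    static class Session {
        String id = UUID.randomUUID().toString();
        boolean valid = true;
    }

    // Stand-in for the SSO session cache: participant session ID -> principal.
    static final Map<String, String> ssoCache = new HashMap<>();
    // Live sessions as the container sees them, keyed by their current ID.
    static final Map<String, Session> container = new HashMap<>();

    // Assumed role of the delegate step: associate the identity and rotate the ID.
    static void delegateSetAuthorized(Session s) {
        container.remove(s.id);
        s.id = UUID.randomUUID().toString();
        container.put(s.id, s);
    }

    // Assumed role of the super step: record the session in the SSO cache.
    static void superSetAuthorized(Session s, String principal) {
        ssoCache.put(s.id, principal);
    }

    // Single logout: invalidate every session the SSO cache can still resolve.
    static void singleLogout() {
        for (String id : ssoCache.keySet()) {
            Session s = container.get(id);
            if (s != null) s.valid = false;
        }
        ssoCache.clear();
    }

    // Returns true when the session outlives SSO logout (stale ID in the cache).
    static boolean survivesLogout(boolean delegateFirst) {
        ssoCache.clear(); container.clear();
        Session s = new Session();
        container.put(s.id, s);
        if (delegateFirst) { delegateSetAuthorized(s); superSetAuthorized(s, "alice"); }
        else { superSetAuthorized(s, "alice"); delegateSetAuthorized(s); }
        singleLogout();
        return s.valid;
    }
    public static void main(String[] args) {
        System.out.println("super then delegate: survives logout = " + survivesLogout(false));
        System.out.println("delegate then super: survives logout = " + survivesLogout(true));
    }
}
```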

…he super#setAuthorized call for SSO to ensure the session cache has the correct information after a session ID change
@Skyllarr Skyllarr added the +1 DV label Feb 13, 2024
@darranl darranl added the +1 DAL label Feb 14, 2024

darranl commented Feb 14, 2024

FYI I won't merge as this is a maintenance branch, in case it is not ready to receive it.

@fjuma fjuma merged commit 5af1a7d into wildfly-security:1.15.x Feb 14, 2024
3 checks passed