topic Explicit Authentication request is skipped if a user is logged in already (due to cookie I believe) in Nuxeo Forum https://connect.hyland.com/t5/nuxeo-forum/explicit-authentication-request-is-skipped-if-a-user-is-logged/m-p/325686#M12687 <P>Hi, We have the following setup:</P> <UL> <LI>Nuxeo running in an embedded iFrame, which is a part of our application</LI> <LI>To use out application, the user must log in to it</LI> <LI>To use Nuxeo, the user clicks on a dedicated button, which causes the iFrame to SSO to Nuxeo, using currently logged in user's credentials</LI> </UL> <P>The problem is that:</P> <UL> <LI>user A logs in to our application</LI> <LI>user A clicks the iFrame button</LI> <LI>iFrame related code explicitly sends auth request with A's credentials to nuxeo/nxstartup.faces</LI> <LI>the auth is handed to our SSO plugin, and upon successful auth A gets into Nuxeo</LI> <LI>user A logs out of our application</LI> <LI>user B logs in to our application</LI> <LI>user B clicks the iFrame button</LI> <LI>iFrame related code explicitly sends auth request with B's credentials to nuxeo/nxstartup.faces</LI> <LI>---&gt;&gt;&gt; Nuxeo consumes the auth request, and lets user B in, while displaying user 'A' as the one being logged in; looking into server.log confirms that the auth reuest for user B never reaches our SSO plugin</LI> </UL> <P>Could anyone please advise on how to resolve the issue ? p.s.</P> <UL> <LI>I have tried to delete the JSESSIONID cookie from within the main application code, but I cannot even see it (I think it is because our application and Nuxeo are on different domains.</LI> <LI>if I am not mistaken this has nothing to do with the use of an iFrame, i.e. I can reproduce by pasting the URLs the iFrame submits its requests to in a plain browser tab and get same results</LI> </UL> Mon, 28 Nov 2016 21:37:47 GMT Rafi_Cohen 2016-11-28T21:37:47Z Explicit Authentication request is skipped if a user is logged in already (due to cookie I believe) https://connect.hyland.com/t5/nuxeo-forum/explicit-authentication-request-is-skipped-if-a-user-is-logged/m-p/325686#M12687 <P>Hi, We have the following setup:</P> <UL> <LI>Nuxeo running in an embedded iFrame, which is a part of our application</LI> <LI>To use out application, the user must log in to it</LI> <LI>To use Nuxeo, the user clicks on a dedicated button, which causes the iFrame to SSO to Nuxeo, using currently logged in user's credentials</LI> </UL> <P>The problem is that:</P> <UL> <LI>user A logs in to our application</LI> <LI>user A clicks the iFrame button</LI> <LI>iFrame related code explicitly sends auth request with A's credentials to nuxeo/nxstartup.faces</LI> <LI>the auth is handed to our SSO plugin, and upon successful auth A gets into Nuxeo</LI> <LI>user A logs out of our application</LI> <LI>user B logs in to our application</LI> <LI>user B clicks the iFrame button</LI> <LI>iFrame related code explicitly sends auth request with B's credentials to nuxeo/nxstartup.faces</LI> <LI>---&gt;&gt;&gt; Nuxeo consumes the auth request, and lets user B in, while displaying user 'A' as the one being logged in; looking into server.log confirms that the auth reuest for user B never reaches our SSO plugin</LI> </UL> <P>Could anyone please advise on how to resolve the issue ? p.s.</P> <UL> <LI>I have tried to delete the JSESSIONID cookie from within the main application code, but I cannot even see it (I think it is because our application and Nuxeo are on different domains.</LI> <LI>if I am not mistaken this has nothing to do with the use of an iFrame, i.e. I can reproduce by pasting the URLs the iFrame submits its requests to in a plain browser tab and get same results</LI> </UL> Mon, 28 Nov 2016 21:37:47 GMT https://connect.hyland.com/t5/nuxeo-forum/explicit-authentication-request-is-skipped-if-a-user-is-logged/m-p/325686#M12687 Rafi_Cohen 2016-11-28T21:37:47Z Re: Explicit Authentication request is skipped if a user is logged in already (due to cookie I believe) https://connect.hyland.com/t5/nuxeo-forum/explicit-authentication-request-is-skipped-if-a-user-is-logged/m-p/325687#M12688 <P>That looks like a single global logout problem and depends on your SSO. For instance, with CAS, "user A logs out of our application" should imply a CAS logout. Other forms of global logout might be more complex to handle.</P> Tue, 29 Nov 2016 06:48:01 GMT https://connect.hyland.com/t5/nuxeo-forum/explicit-authentication-request-is-skipped-if-a-user-is-logged/m-p/325687#M12688 pibou_Bouvret 2016-11-29T06:48:01Z