Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-29636

Logging in as a new user in OpenSSO does not auto-login the new user in Liferay


    • Type: Bug
    • Status: Closed
    • Resolution: No Longer Reproducible
    • Affects Version/s: 6.1.1 CE GA2
    • Fix Version/s: 6.2.0 CE M4
    • Component/s: Application Security
    • Environment:


      We use OpenSSO and LDAP to auto-login users from our legacy site. Liferay is accessed using a link on our legacy portal, which brings up Liferay in a separate browser window. If a user logs out from the legacy portal (invalidating the OpenSSO session), and a new user logs in and attempts to interact with Liferay (which is still open from the first user), the first user's session is invalidated as it should be, but the new user does not get logged in. We do not allow guests to view our pages, so they end up getting an error stating they do not have permission to view the site.

      Looking through the source, I think the issue might be caused by storing user information in the HTTP request attributes. We added code to clear out those attributes when a new OpenSSO session is detected in the filter. This seems to have cleared things up for us, and the new user gets a session.




            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created:
                Days since last comment:
                6 years, 42 weeks, 5 days ago


                Version Package
                6.2.0 CE M4