After successfully authenticating with an external SSO provider using hyperlinks provided by the LoginPortlet (Facebook, Google etc.) the user should be automatically logged in because the following method is called...
However this does not result in a successful login because the actual type of HttpServletRequest is HttpServletRequestBuilderWrapperImpl which adds a prefix to every HttpSession attribute that is set by login(). The prefix in this case is "equinox.http.comliferayloginweb". Consequently the AutoLoginFilter cannot find the attributes that were set. For example "j_username".
Steps to reproduce (using Facebook Connect SSO):
- Create an incomplete (guest) user by posting a comment using the "Reply as..." button and logging in with the "guest" option. Be sure to enter the same email address that you have registered with your Facebook account. Your comment will be posted but you will not actually be logged in at this stage (expected).
- Log in using the LoginPortlet's "Facebook" hyperlink
- When asked if you want to associate your existing incomplete user do so
Expected result: You are logged into the portal
Actual result: You are presented with a login prompt