Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 7.0.0 DXP FP17, 7.0.X, Master
    • Fix Version/s: None
    • Labels:
      None
    • Fix Priority:
      3

      Description

      Steps to reproduce:

      • Enable Token Based SSO, switch "Token Location" to COOKIE
      • Run from cmd: curl -i 'localhost:8080/?redirect=/sm_test' -H 'Cookie: SM_USER=test@liferay.com;'
      • Run from cmd: curl -i 'localhost:8080/?redirect=/sm_test' -H 'Cookie: SM_USER=test;'

      Expected result: one of the requests should succeed (HTTP 302 redirect)
      Actual result: Two error messages in logs

      Workaround: Set authentication mode to Screen Name instead of Email Address (Control Panel -> Configuration -> Instance Settings -> Authentication -> General)

      15:46:31,722 ERROR [http-nio-8080-exec-8][AutoLoginFilter:255] Current URL / generates exception: com.liferay.portal.kernel.exception.NoSuchUserException: No User exists with the key {companyId=20111, emailAddress=test}
      15:47:57,965 ERROR [http-nio-8080-exec-5][AutoLoginFilter:255] Current URL / generates exception: com.liferay.portal.kernel.exception.NoSuchUserException: No User exists with the key {companyId=20111, emailAddress=test%40liferay.com}
      

      Original report:

      Issue
      Token-based SSO works with Request Header token but not with Cookie token.

      Steps to reproduce

      1. Prepare an Apache environment (in my case a win7 virtual machine)
      2. Set in "hosts" file the proper IP and name for your host computer
        10.211.66.1 host.local
      3. Add the following configuration in Apache's "httpd.conf"
        NameVirtualHost *:80
        <VirtualHost *:80>
         ServerName liferay.local
         ProxyRequests On
         ProxyPreserveHost On
         ProxyPass / http://host.local:8080/
         ProxyPassReverse / http://host.local:8080/
         RequestHeader set SM_USER "test@liferay.com"
        </VirtualHost>
      4. Start Apache
      5. In host computer, set in "hosts" file the IP and domain for your apache
        10.211.66.1 liferay.local
      6. Prepare a clean DXP bundle
      7. Set the following "portal-ext.properties"
        web.server.http.port=80
        web.server.https.port=443
        web.server.host=liferay.local
        web.server.protocol=http
        redirect.url.ips.allowed=127.0.0.1,SERVER_IP,10.211.66.57
      8. Start the bundle
      9. Sign in with onmiadmin user
      10. Go to Control Panel > Configuration > System Settings > search for "SSO" > Token Based SSO
      11. Make sure Token Location is set to REQUEST HEADER
      12. Click on Enable and Save
      13. Sign Out
      14. Note that your're auto signed in because Apache is feeding SM_USER token in request header and Token Based SSO is picking it up
      15. Go to Token Based SSO again
      16. Change Token Location to Cookie and Save
      17. Sign out
      18. Note that you're successfully signed out
      19. In Apache's configuration, comment out RequestHeader and add a cookie token header
        #RequestHeader set SM_USER "test@liferay.com"
        Header add Set-Cookie "SM_USER=test@liferay.com;path=/;HttpOnly;"
      20. Restart Apache
      21. Go back to the browser and reload the home page
      22. Note that we're not auto-signed in!
      23. With "Inspector", "Firebug" etc check that SM_USER cookie exist and has admin's email address

      Actual results
      Cookie-based authentication is not picking up token and singing user in

      Expected results
      Cookie-based authentication picks cookie and user is auto-signed in

        Attachments

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 50 weeks, 5 days ago

                Packages

                Version Package