fusionauth-issues icon indicating copy to clipboard operation
fusionauth-issues copied to clipboard
verified publisher icon FusionAuth

FusionAuth SSO behavior interacts with Identity Provider Application enable/disable behavior in unexpected ways

Open mooreds opened this issue 2 years ago • 1 comments

FusionAuth SSO behavior interacts with Identity Provider Application enable/disable behavior in unexpected ways

Description

For application A, you can log in with google or other idps. For application B and the FusionAuth admin screen, you cannot. I'm lazy, so when I get prompted to log in by application B or the admin ui, rather than opening up my password manager, I'll just bounce over to application A and log in with google.

Then I can go back to application B or the admin UI and I'm automatically logged in (by FusionAuth SSO), even though those applications don't have the google identity provider enabled.

This seems a bit weird from a user perspective, even though I understand that FusionAuth SSO is orthogonal to how the user initially authenticates.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

mooreds avatar Oct 24 '23 22:10 mooreds

This can now be prevented by the login validation lambda: https://fusionauth.io/docs/extend/code/lambdas/login-validation I believe.

mooreds avatar Sep 11 '24 22:09 mooreds