
Update documentation about SSO sessions vs. self-service account feature

Open dransome opened this issue 2 years ago • 1 comments

The Self Service Account Management > Troubleshooting page has a 'Trapped in the login screen' section describing that the self-service account management feature doesn't work properly if 'remember me' is unchecked (or removed) from the SSO login screen.

It points to https://github.com/FusionAuth/fusionauth-issues/issues/1546 which further points to https://github.com/FusionAuth/fusionauth-issues/issues/1860

As far as I can tell, https://github.com/FusionAuth/fusionauth-issues/issues/1860 was delivered and therefore the mentioned limitation is no longer current (I think since 1.45.0?).

However, a further limitation now exists regarding self-service account management that ought to be documented: logout doesn't work "as expected", per https://github.com/FusionAuth/fusionauth-issues/issues/2298 -> this also has security implications, since self-service account management can potentially be used to change the user password (optionally, without entering the existing password)!

dransome, Sep 22 '23 11:09

Thanks for the feedback, @dransome! We'll take a look and see what doc needs to be updated.

mooreds, Sep 28 '23 14:09

Closed via https://github.com/FusionAuth/fusionauth-site/pull/3150

mooreds, Jul 15 '24 15:07