product-is
Silent authentication issue with identifier first handler
Describe the issue: A fix was done with https://github.com/wso2/product-is/issues/3856 to avoid prompting the identifier first handler (IDF) if previously logged in with basic auth. But the silent authentication flow is not handled.
A workaround is available with an adaptive script to avoid executing the first step if the prompt=none query param is sent. But it is quite complex when a complex adaptive script is already in place.
How to reproduce: Two service providers:-
- SP A: Basic auth only
- SP B: Identifier first handler (IDF) in the first step and basic+smsotp+emailotp in the second step
First log in to SP A, then try to initiate a silent authentication request (prompt=none) for SP B. You will get an authentication required error. But if prompt=none was not used, it does SSO without any prompts. After successful authentication without prompt=none, sending prompt=none in subsequent requests does not cause any errors.
Expected behavior: It should complete silent authentication successfully.
Related issues:
- https://github.com/wso2/product-is/issues/3856
- https://github.com/wso2/product-is/issues/11965