-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO not working in IE 11 when I active form login #560
Comments
I checked the Security filter chain and the only diffence is that when I add the form login, UsernamePasswordAuthenticationFilter is incluided. I debugged in IE and without form login. The difference is the attemp to login when there is no session created. This trace is without login form:08:33:46.678 [http-nio-8181-exec-7] INFO Spring Security Debugger - Request received for GET '/index.jsp': org.apache.catalina.connector.RequestFacade@27509242 servletPath:/index.jsp Security filter chain: [ 08:33:46.683 [http-nio-8181-exec-7] INFO Spring Security Debugger - New HTTP session created: 0F39FFAF12D2DCA0B353513EB06A9175 Call stack:
08:33:46.689 [http-nio-8181-exec-8] INFO Spring Security Debugger - Request received for GET '/index.jsp': org.apache.catalina.connector.RequestFacade@27509242 servletPath:/index.jsp Security filter chain: [ 08:33:46.689 [http-nio-8181-exec-8] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 127.0.0.1:50532 Request received for GET '/index.jsp': org.apache.catalina.connector.RequestFacade@27509242 servletPath:/index.jsp Security filter chain: [ 08:33:46.700 [http-nio-8181-exec-9] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 127.0.0.1:50532 # ## With login form: Request received for GET '/index.jsp': org.apache.catalina.connector.RequestFacade@1545ae9d servletPath:/index.jsp Security filter chain: [ 08:37:40.517 [http-nio-8181-exec-2] INFO Spring Security Debugger - New HTTP session created: CE852E4F22A58581098F7EC59A7B5471 Call stack:
08:37:40.536 [http-nio-8181-exec-2] INFO Spring Security Debugger - Request received for GET '/login.xhtml': WHY??? org.apache.catalina.connector.RequestFacade@1545ae9d servletPath:/login.xhtml Security filter chain: [ 08:37:41.178 [http-nio-8181-exec-2] DEBUG org.hibernate.validator.internal.engine.resolver.DefaultTraversableResolver - Found javax.persistence.Persistence on classpath containing 'getPersistenceUtil'. Assuming JPA 2 environment. Trying to instantiate JPA aware TraversableResolver Request received for GET '/javax.faces.resource/primefaces.css.xhtml?ln=primefaces&v=5.3&v=5.3': org.apache.catalina.connector.RequestFacade@1545ae9d servletPath:/javax.faces.resource/primefaces.css.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.525 [http-nio-8181-exec-4] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=5.3&v=5.3': org.apache.catalina.connector.RequestFacade@4cb324a0 servletPath:/javax.faces.resource/jquery/jquery.js.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.545 [http-nio-8181-exec-5] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/primefaces.js.xhtml?ln=primefaces&v=5.3&v=5.3': org.apache.catalina.connector.RequestFacade@230e8c3a servletPath:/javax.faces.resource/primefaces.js.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.691 [http-nio-8181-exec-6] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/js/css3-mediaqueries.js.xhtml': org.apache.catalina.connector.RequestFacade@1545ae9d servletPath:/javax.faces.resource/js/css3-mediaqueries.js.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.693 [http-nio-8181-exec-7] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/js/html5shiv.min.js.xhtml': org.apache.catalina.connector.RequestFacade@230e8c3a servletPath:/javax.faces.resource/js/html5shiv.min.js.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.694 [http-nio-8181-exec-8] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/js/respond.min.js.xhtml': org.apache.catalina.connector.RequestFacade@4cb324a0 servletPath:/javax.faces.resource/js/respond.min.js.xhtml Security filter chain: [] empty (bypassed by security='none') 08:37:43.706 [http-nio-8181-exec-9] INFO Spring Security Debugger - Request received for GET '/javax.faces.resource/img/logo.png.xhtml': org.apache.catalina.connector.RequestFacade@1545ae9d servletPath:/javax.faces.resource/img/logo.png.xhtml Security filter chain: [] empty (bypassed by security='none') |
I believe that UsernamePasswordAuthenticationFilter is finishing the security chain |
Does this work in other browsers or do you experience same problem with them? |
In other browser works fine, my problem is only in IE when I active login form. It's a bit strange because without login form IE works perfectly.. |
Hi,
I have a strange workaround. I'm using waffle-spring-security4 (1.8.3 version). The SSO works perfectly, but when I active form login (in spring security) IE 11 (11.0.9600.18762 version) SSO doesn't work.
I debugged and I found out that authorizationHeader (authorizationHeader.isNull() in NegotiateSecurityFilter) is always null I'm being redirect to login form because the authentication fail. I'm using spring security 4.2.1 and Spring Web 4.3.5.RELEASE.
I'm aware of https://github.com/Waffle/waffle/blob/master/Docs/ConfiguringBrowsers.md configuration and I followed all steps and I don't what is happening.
My WebSecurityConfig class
}
I'm using this dependency:
com.github.waffle
waffle-spring-security4
1.8.3
My WaffleConfig is:
@configuration
public class WaffleConfig {
}
When I'm usign sso and form login I have this workaround (i don't have body request):
Without login form
Thanks in advance!
The text was updated successfully, but these errors were encountered: