Details
- Type: extRequest
- Status: Closed
- Priority: Major
- Resolution: Done
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- Labels: None
- HD-Chapter: Security
- HD-Enabler: KeyRock
Description
Web Browser: Google Chrome version 38.0.2125.104
Operating System: OSX version 10.9.3
Description:
In a previous issue, titled ‘Account’s issues to access filab’, we
explained we couldn’t access filab using a Gmail account. Thus, we had to
sign in using another account: pablofm@gmail.com. Then we were logged in as
Pablo.
When we received a confirmation email at the Hotmail account, we logged in
using that Hotmail account. We clicked on the Mashup button and when the page
reloaded we were, again, logged in as Pablo without closing the session or
changing users.
Here are the details about the users and accounts used.
1. Pablo - pablofm@gmail.com
2. Wirecloud - wirecloud.test.ulpgc@hotmail.com
Although the description of this issue uses the Mashup portal, I think this problem is more related to the IdM SSO architecture (so I'm going to reassign this issue to the IdM team).
Currently, each portal has its own session management. The Mashup portal closes the user session when the user signs out directly from the Mashup portal or from another of the global portals (there is a mechanism for signalling this event). If you didn't close your session before following the link provided by the confirmation email, the old user session was never closed in the Mashup portal. This had also happened to other FIWARE Lab portals as they use the same scheme.
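One way a portal could avoid the stale session described in this comment, as an added example (not code from KeyRock, Wirecloud or any FIWARE Lab portal): on every return from the IdM, compare the identity the IdM authenticated with the owner of the local session and replace the session when they differ. It assumes the portal learns the authenticated user from the IdM on each return; the class, method names and user ids are hypothetical.

```python
import secrets


class PortalSessions:
    """In-memory stand-in for one portal's own session store (hypothetical)."""

    def __init__(self):
        self._by_sid = {}  # local session id -> IdM user id

    def user_for(self, sid):
        return self._by_sid.get(sid)

    def on_idm_callback(self, sid, idm_user_id):
        """Handle a return from the IdM, which authenticated idm_user_id.

        Returns the session id the browser must use from now on.
        """
        if sid is not None and self._by_sid.get(sid) == idm_user_id:
            return sid  # same user came back: keep the session
        # No session, or the local session belongs to someone else.
        # Drop it and issue a fresh id so no state leaks across users.
        self._by_sid.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._by_sid[new_sid] = idm_user_id
        return new_sid

    def on_idm_logout(self, idm_user_id):
        """Global sign-out signal: close every local session of that user."""
        stale = [s for s, u in self._by_sid.items() if u == idm_user_id]
        for s in stale:
            del self._by_sid[s]
        return len(stale)


def replay_ticket_scenario():
    """Constructed replay of the ticket: the first user's portal session is
    still open when a second account authenticates at the IdM."""
    portal = PortalSessions()
    sid_first = portal.on_idm_callback(None, "pablo")
    sid_second = portal.on_idm_callback(sid_first, "wirecloud")
    return (portal.user_for(sid_first),
            portal.user_for(sid_second),
            sid_second != sid_first)


if __name__ == "__main__":
    print(replay_ticket_scenario())
```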