Details
-
Bug
-
Resolution: Fixed
-
High
-
2014.11, 5.3.4, 5.4.1
-
None
-
Pollux Core S5
Description
When using the legacy_sso_handler feature, described in https://doc.ez.no/display/EZP/Authentication in eZ Publish 5.4, the login will not work as expected:
- Returning a valid user in the legacy sso handler will result in authentication failure ( "A valid username and password is required to login.")
- Returning a false result in the sso handler will result in an infinite redirect loop. After this it is necessary to remove the session cookie, otherwise any page will result in a redirect loop.
Steps to reproduce:
- enable ezpublish_legacy_sso in security.yml:
security: firewalls: ezpublish_front: pattern: ^/ anonymous: ~ # Adding the following entry will activate the use of old SSO handlers. ezpublish_legacy_sso: ~
- Implement a simple sso_handler, such as the example in http://share.ez.no/learn/ez-publish/using-a-sso-in-ez-publish
Note:
This appears to be a regression of some sort, as the behavior in eZ Publish 5.3 is correct.