<div dir="ltr"><div><div>With SSO the client sends the client
secret to SSO which is stored in the session. Now when the clients
session expires all the information including the client secret is lost
when the session is purged by the application server.<br><br>Here is the sequence<br><br>1. login to webadmin<br>2. Leave the session until session time out on engine and user is redirected to login page (the client id and secret are sent)<br>3.
If user tries to login now everything will be fine but if user leaves
and the session expires the session is purged, client secret is lost<br>4.
User enters user name password on the screen after coming back. The
login form does not have a session associated with it so the client and
secret are not found and SSO needs to report that the session has
expired and redirect user to welcome page.<br><br>The client id and secret cannot be stored in login page as they are supposed to be kept secret. <br><br></div>To revert to old behavior we need a patch that can saveĀ client and secret for the session out side the session object in a global data structure<br>and create a unique token that can be used to associate the login page with the client secret stored in the global data structure.<br>The token can be included in the login page.<br><br></div>Ravi<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 4, 2017 at 12:59 PM, Robert Story <span dir="ltr"><<a href="mailto:rstory@tislabs.com" target="_blank">rstory@tislabs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Since I upgrade to 4.0, I get this annoying message when I try to log in<br>
again after I've been away for a while. On 3.6 the ui would go to a login<br>
screen after some period of inactivity, and I could log right back in. With<br>
4.0, logging in after inactivity goes to a page with this message, and I<br>
have to click to get a login page and then log in again. This is very<br>
annoying. Is there a way to revert to the old behavior?<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
Robert<br>
<br>
--<br>
Senior Software Engineer @ Parsons<br>
</font></span><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>