CAM 1841- Redirecting to session after SSO login

Hi,

I have been working on this issue for a week now and I couldn’t find a solution.

I am trying to redirect the user, after a successful SSO login, to the expired session/shared process URL; instead the user is redirected to the Cockpit page. I looked at an existing ticket which was closed a long time ago, but there was no solution in it. Please assist, thanks.

Can you elaborate on what your current state is? I think the answer largely depends on the route you took to implement SSO for your environment. If you’re using SSO at the application server level or Spring Security as recommended in the best practices, the redirect should be taken care of for you.

Yes, I am using Spring Security authentication.

It’s not happening automatically; instead it is redirected to the /app/welcome/default/#!/welcome page, while the expected redirection should happen to the originally requested page.

Can you share any of your implementation? I don’t think you’re going to find any generic advice other than what’s already out there on the internet. Unless you have reason to believe otherwise, it seems like a configuration issue.

httpSecurity.csrf().disable()
    .authorizeRequests()
    .antMatchers("/auth/callback", "/adfs/", "/login", "/oauth2/authorization/", "//favicon.ico", "/engine-rest/").permitAll()
    .antMatchers("/app/**")
    .authenticated()
    .and()
    .oauth2Login()
    .successHandler(successHandler())
    .defaultSuccessUrl("/")
    .and()
    .exceptionHandling()
    .and()
    .sessionManagement()
    .sessionCreationPolicy(SessionCreationPolicy.NEVER);
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);

And what’s in your successHandler()?

public AuthenticationSuccessHandler successHandler() {
    SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
    handler.setUseReferer(true);
    return handler;
}

@jgigliotti Does my response help?

It does a bit, but nothing is jumping out at me. It may be tough without a small reproduction to experiment with. If nothing else, I would expect handler.setUseReferer(true) to be enough to make it do the right thing.

Just to clarify, you’ve navigated somewhere inside the Cockpit (e.g. list of processes) and login is successful but you’re redirected to the main Cockpit page instead of the original destination? You’re not being routed to the Cockpit login page or anything that would make you think login failed, correct?

That’s correct. If the user doesn’t have an active session it will redirect the user to SSO and redirect back to the destination URL; instead it is redirecting to the Cockpit page.

Any suggestions, @jgigliotti?

Not based on the information you’ve posted thus far. If you could post a small reproduction, that would be helpful. I was going to try out of curiosity, but that’ll have to be time permitting.

Can we connect over a Google Meet if possible, @jgigliotti?

@abhilashk6303 I think you should try to get a repro out to the community for the sake of history on the forum.

Hey @abretz, I am not allowed to do that. Is there some way we can connect?

@abhilashk6303 last I checked this was a forum, not a meeting ground for free Spring debugging.

Can you verify and post the result of handler.getRedirectStrategy()?

Sorry @abhilashk6303, work and family keep me pretty busy. I touch base in the forums whenever I get a chance.

I was able to get a small reproduction going, but it seems like the behavior is close, but not exact. If I’ve already logged in via SSO once and try to navigate to a page deep into Cockpit, say a specific process deployment (e.g. http://localhost:8080/app/cockpit/default/#/process-definition/example:1:df90e1bd-35bc-11eb-815b-9ea5f5f2c29d), the redirects happen through the identity provider (but I’m never prompted to log in) and then I’m redirected to the proper page (viewing running instance).

If, however, I’ve not logged in before, and I get prompted for credentials from the identity provider, I am then redirected to http://localhost:8080/app/cockpit/default/#/dashboard, instead of the original destination.

Do you see similar behavior? If already authorized with the identity provider, are you being redirected properly? Or are you being redirected to Cockpit dashboard every single time regardless?


In my case, I am redirected to the Cockpit page in both situations, @jgigliotti.

Here’s the reproduction I came up with, hopefully it helps. At this point I can only speculate as to what else in the environment/code/setup is giving you different results.


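An added example, not code from any poster in this thread: a Spring Security 5.x configuration (the version family is assumed from the antMatchers calls in the posted snippet) in which the handler passed to successHandler() is the one that actually runs and redirects to the cached original request. The class name SsoRedirectConfig is made up for the illustration, and the permitAll matchers, CSRF setting, session policy and JWT filter from the posted snippet are left out.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Hypothetical class name; illustration only.
@Configuration
public class SsoRedirectConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/app/**").authenticated()
                .and()
            .oauth2Login()
                // Only successHandler(...) is called here. defaultSuccessUrl(...)
                // builds its own SavedRequestAwareAuthenticationSuccessHandler and
                // registers it through successHandler(...), so calling it afterwards
                // replaces the handler configured on the previous line.
                .successHandler(successHandler());
    }

    private AuthenticationSuccessHandler successHandler() {
        // Redirects to the request that was cached when the unauthenticated
        // user was sent off to the identity provider. The target comes from
        // the server-side request cache, not from a request parameter.
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();

        // Fallback when no request was cached (e.g. the user opened the
        // login page directly).
        handler.setDefaultTargetUrl("/");

        // useReferer stays at its default (false): the Referer header of the
        // SSO callback request is not a reliable pointer to the page the
        // user originally asked for.
        return handler;
    }
}
```

The part of a Cockpit URL after `#` is never sent to the server, so a cached request can restore only the path and query string, not the fragment route.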