Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14572

prompt=login destroys and creates new session

    Details

    • Sprint:
      AM Sustaining Sprint 61, AM Sustaining Sprint 62
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      prompt=login destroys and creates a new session. This is a problem when the user is using multiple clients. It would be better if the session was kept during reauthentication in the same way it is when using ForceAuth=true

      How to reproduce the issue

      1. Create OAuth2/OIDC Provider and a client
      2. Open Developer Tools and monitor application cookie
      3. Call authorize endpoint until authorization code is returned
      4. Call authorize endpoint and append prompt=login
      5. After reauthenticating, you can see a new iPDP has been created
      Expected behaviour
      Session after reauthenticating should be the same as it was before reauthentication
      Current behaviour
      A new session is created after reauthenticating

      Work around

      None

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                aaron.haskins Aaron Haskins
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: