Red Hat Bugzilla – Bug 867507
required to enter credentials twice
Last modified: 2013-07-03 19:09:19 EDT
Description of problem:
When I log in through the Web UI I am asked for my credentials twice. After the second time I am allowed without an issue.
Version-Release number of selected component (if applicable):
Navigate to the login screen in Safari and enter user credentials.
I've had a look into this and haven't been able to fix it properly at this stage. The cause is that two sessions are used between HTTPS and HTTP. Seam does allow sharing the data between the two sessions on the server; however, from what I've been able to find, this only happens if the session already exists, and if the session has to be created then it doesn't work.
That is the reason that the second login will work, as the first time the session doesn't exist for the HTTP scheme and when you log in it creates it, but it doesn't contain the Identity information and assumes you aren't logged in and redirects you back to the login page. When logging in the second time the Identity is shared to the session and therefore lets you continue to view the unsecured content.
As such, I've found two ways to get around this. The first is to make all pages use the HTTPS protocol and the second is to trick Seam to create the session when creating the HTTPS session (see: http://www.seamframework.org/Documentation/HttpHttpsSessionLostOnLogout). The second I haven't tested, as I believe the first is the better option anyways. I'll bring it up at our team meeting on Monday and see what is preferred.
The outcome from our meeting today is to use HTTPS for the entire application.
Fixed in build 20121111-0821. The fix is now live as of 9.30pm +10GMT.
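
The double-login behaviour described in the comments above, as a small Python model. This is an added example, not code from the bug report or from Seam. The class and function names are hypothetical, and the identity-sharing rule is coded as an assumption taken from the comment's description (identity is shared only with a session that already exists).

```python
# Toy model of the behaviour described in the comments above; not Seam code.
# Assumption: one server-side session per URL scheme, and the identity is
# copied to the other scheme's session only if that session already exists.

class App:
    def __init__(self, content_scheme):
        self.content_scheme = content_scheme  # scheme serving post-login pages
        self.sessions = {}                    # scheme -> session dict

    def _session(self, scheme):
        # A session is created on the first request made over this scheme.
        return self.sessions.setdefault(scheme, {"identity": None})

    def login(self, user):
        """Submit credentials over HTTPS, then follow the redirect to content."""
        self._session("https")["identity"] = user
        # Share the identity only with sessions that already exist (assumed rule).
        for scheme, sess in self.sessions.items():
            if scheme != "https":
                sess["identity"] = user
        return self.view_content()

    def view_content(self):
        sess = self._session(self.content_scheme)
        if sess["identity"] is None:
            return "redirect:/login"  # new session has no identity yet
        return "200:" + sess["identity"]


def login_attempts_needed(content_scheme, user="alice", limit=3):
    """Count logins until content is served; None if it never is."""
    app = App(content_scheme)
    for attempt in range(1, limit + 1):
        if app.login(user).startswith("200:"):
            return attempt
    return None


if __name__ == "__main__":
    print("content over http :", login_attempts_needed("http"), "login(s)")
    print("content over https:", login_attempts_needed("https"), "login(s)")
```
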