You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a user is challenged to authenticate via SPNEGO and this succeeds, i.e. we get a user id, then we may still end up with a situation where that user does not have permission to render the page, causing a new challenge.
I think it makes sense to set some sort of cookie (with a not-far-in-the-future expiration, perhaps configurable) to say that we've actually authenticated this user and challenging won't help getting the authorization.
Makes sense?
The text was updated successfully, but these errors were encountered:
If a user is challenged to authenticate via SPNEGO and this succeeds, i.e. we get a user id, then we may still end up with a situation where that user does not have permission to render the page, causing a new challenge.
I think it makes sense to set some sort of cookie (with a not-far-in-the-future expiration, perhaps configurable) to say that we've actually authenticated this user and challenging won't help getting the authorization.
Makes sense?
The text was updated successfully, but these errors were encountered: