-
Type:
Bug
-
Status: Closed
-
Resolution: Deferred
-
Affects Version/s: 7.21.7
-
Fix Version/s: None
-
Component/s: UI
-
Labels:None
-
Location:External
Problem description
Navigating to the UI browser from older redirect links results in inconsistent behaviour, i.e. if you use the old /artifactory/list in combination with missing a trailing forward slash, it reprompts for credentials (and not the usual login page with all options), even though the user is already 'logged in' to the browser
Impact
Customers using SAML/OAuth cannot use the links previously provided as they cannot provide a user/password to Artifactory when it prompts (it does not prompt the usual login page, but rather the user/password one)
Expected Behaviour
Artifactory uses the existing log in data/cookie and is able to redirect without trying to re login the user.
Steps to reproduce
Several cases:
First, log into the UI as normal, so that it's not an "anon" request. Upload a file to an extended folder path, such as example-repo-local/158456/label/1/file.txt. Enable anonymous access, but do not grant the repo "read" to the anon user.
Then, try to navigate to these in the UI (no trailing slash):
http://localhost:8081/artifactory/example-repo-local/158456/label/1 = get prompted for user/pass
http://localhost:8081/artifactory/list/example-repo-local/158456/label/1 = get prompted for user/pass
Now add trailing / at the end:
http://localhost:8081/artifactory/example-repo-local/158456/label/1/ = redirects correctly
http://localhost:8081/artifactory/list/example-repo-local/158456/label/1/ = redirects correctly
http://localhost:8081/ui/native/example-repo-local/158456/label/1 = works
http://localhost:8081/ui/native/example-repo-local/158456/label/1/ = works
If the user is not logged in, then each response from artifactory is just 404. If anon is disabled, then the user is prompted with the usual login and can login with SAML/OAuth.
Workarounds (if any)
Add repo to anonymous read, or disable anonymous entirely, or add a trailing slash at the end
Environment Details
Tested on 7.21.8 and 7.21.3
DB - derby, customer is on mysql
Standalone, customer is HA
On prem
Debian 10