  1. Artifactory Binary Repository
  2. RTFACT-26160

Native browser has inconsistent login prompt behavior


    Details

    • Type: Bug
    • Status: Closed
    • Priority: 3 - High
    • Resolution: Deferred
    • Affects Version/s: 7.21.7
    • Fix Version/s: None
    • Component/s: UI
    • Labels:
      None
    • Location:
      External

      Description

      Problem description

      Navigating to the UI browser from older redirect links results in inconsistent behaviour: if you use the old /artifactory/list path without a trailing forward slash, it re-prompts for credentials (with a user/password prompt, not the usual login page with all options), even though the user is already 'logged in' in the browser.

       

      Impact 

      Customers using SAML/OAuth cannot use the links previously provided, because they cannot supply a user/password to Artifactory when it prompts (it shows the user/password prompt rather than the usual login page).

       

      Expected Behaviour

      Artifactory uses the existing login data/cookie and redirects without trying to log the user in again.

       

      Steps to reproduce 

      Several cases:

      First, log into the UI as normal, so that it's not an "anon" request. Upload a file to an extended folder path, such as example-repo-local/158456/label/1/file.txt. Enable anonymous access, but do not grant the repo "read" to the anon user. 

      Then, try to navigate to these in the UI (no trailing slash):
      http://localhost:8081/artifactory/example-repo-local/158456/label/1 = get prompted for user/pass

      http://localhost:8081/artifactory/list/example-repo-local/158456/label/1 = get prompted for user/pass

       

      Now add trailing / at the end:

      http://localhost:8081/artifactory/example-repo-local/158456/label/1/ = redirects correctly

      http://localhost:8081/artifactory/list/example-repo-local/158456/label/1/ = redirects correctly

      http://localhost:8081/ui/native/example-repo-local/158456/label/1 = works

      http://localhost:8081/ui/native/example-repo-local/158456/label/1/ = works

       

      If the user is not logged in, then each response from Artifactory is just a 404. If anon is disabled, then the user is prompted with the usual login page and can log in with SAML/OAuth.
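The URL matrix from the steps above can be checked in one pass with the script below, which is an added example and not part of the original ticket or of Artifactory. It assumes the user/password prompt is an HTTP 401 with a `WWW-Authenticate` challenge (the ticket does not state the status code), and the function names and the raw `Cookie` header argument are hypothetical.

```python
import urllib.request, urllib.error

# URL prefixes taken from the ticket's reproduction steps.
PREFIXES = ("/artifactory/", "/artifactory/list/", "/ui/native/")

def variants(base, repo_path):
    """Build the six URLs from the ticket: each prefix, without and with '/'."""
    path = repo_path.strip("/")
    urls = []
    for prefix in PREFIXES:
        for suffix in ("", "/"):
            urls.append(base.rstrip("/") + prefix + path + suffix)
    return urls

def classify(status, headers):
    """Map a response to the outcomes the ticket describes.
    Assumption: the user/password prompt is an HTTP 401 carrying a
    WWW-Authenticate challenge, which browsers show as a native dialog."""
    names = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in names:
        return "credential-prompt"
    if 300 <= status < 400:
        return "redirect -> " + names.get("location", "?")
    if status == 404:
        return "not-found"
    return "ok" if 200 <= status < 300 else "other-%d" % status

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it

def probe(url, cookie_header):
    """Request one URL with the logged-in session's Cookie header."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"Cookie": cookie_header})
    try:
        with opener.open(req, timeout=10) as resp:
            return classify(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return classify(err.code, dict(err.headers))

if __name__ == "__main__":
    import sys  # usage: script.py <base-url> <repo/path> <cookie-header>
    for u in variants(sys.argv[1], sys.argv[2]):
        print(u, "=", probe(u, sys.argv[3]))
```

Running it once with the session's cookie and once with an empty cookie string separates the logged-in behaviour from the anonymous 404 case described above.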

       

      Workarounds (if any) 

      Add the repo to anonymous read, disable anonymous access entirely, or add a trailing slash at the end of the URL.

       

      Environment Details

      Tested on 7.21.8 and 7.21.3

      DB - derby, customer is on mysql

      Standalone, customer is HA

      On prem

      Debian 10


            People

            Assignee:
            Unassigned
            Reporter:
            loreny Loren Yeung

                Sync Status

                Connection: RTFACT Sync
                RTMID-26161 -
                SYNCHRONIZED