Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
4.1.3
-
None
Description
even though you can register multiple single sign on handlers in the INI (via UserSettings / SingleSignOnHandlerArray )
only the last registered handler is effective. The bad code is in ezuser.php:
foreach ( $ssoHandlerArray as $ssoHandler )
{
// ... no exits from the loop ...
}
One solution is:
foreach ( $ssoHandlerArray as $ssoHandler ) { // ... no exits from the loop ... if( $ssoUser !== false ) { break; } }
Steps to reproduce
some effort to accomplish ...
setup site.ini with 2 sso handlers
create 2 sso handlers
have the first one succeed
have the second one fail
notice that you will not be logged in even if the first handler should have successfully logged you in