Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-22326

Fix bad redirection to login page for anonymous blob download

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.10, 8.10
    • Fix Version/s: 7.10-HF28, 8.10-HF10, 9.2
    • Component/s: Shibboleth

      Description

      1. setup shibboleth server allowing anonymous configuration
      2. setup Nuxeo server with anonymous login enabled
      3. log in
      4. create a File document with a file attached
      5. copy in a text editor the document link
      6. copy in a text editor the document blob link
      7. log out
      8. attempt to access the document link -> Nuxeo redirects to the IdP login page
      9. attempt to access the blob link -> Nuxeo does not redirect and gives a forbidden response: 
        You don't have the necessary permission to do the requested action.

You don't have sufficient rights to perform this operation.

      This does not happen to versions earlier than 7.10

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-23311 Fix login in anonymous configuration with Shibboleth broken by NXP-22326

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Votes:
                10 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week
                  1w