I need some serious help here. Some test users are getting "Access Denied" after automatic registration no matter how many times they restart their browsers. They seem to need to delete all the related cookies in order to get back in. This is not acceptable for typical users.
How do we clear an "Access Denied" session? Steve Lihn -----Original Message----- From: Lihn, Steve Sent: Monday, September 18, 2006 3:40 PM To: '[email protected]' Subject: RE: How users are added in SSO scenario Dave, I found during those "Access denied" pages, the log registered the following: WARN 2006-09-18 15:09:01,205 CustomUserRegistry:getUserDetailsFromAuthentication - Unsupported Principal type in Authentication. Skipping auto-registration. What is Roller looking for from LDAP? Certain roles? The following sequence can auto-register a new user, it works, but not nice: 1. Ask user to authenticate in Login page. 2. He will be directed to "Access Denied" page. I added a link in 403body.jsp to go to "New User Registration". 3. User click on the link to go to "New User Registration", where information will be populated magically. 4. Click on "Register User". This will bring him to "User Registered" page. 5. Click on "Logout". 6. Close browser completely. 7. Restart browser, and he will be able to login. Hope this sequence will help you debug! -----Original Message----- From: Lihn, Steve Sent: Friday, September 15, 2006 5:27 PM To: '[email protected]' Subject: How users are added in SSO scenario Dave, Can you explain, in the case of SSO, how users are added, assuming we allow everybody in LDAP to become users of Roller? Since SSO is turned on, I want to turn off the jdbc auth provider because I do not want people to register with an ID that is not in LDAP. However, the rolename still has to come from database table. What should I do here? I asked my coworker (next cube) to login (he is a new user). He first got access denied. But then he clicked on "register", his name and email are all populated (obviously Roller talked to LDAP). But he still get access denied. Then he open a new window, he was able to login cleanly and post a blog. I do not have to do anything except turning on "accept new users". But with all the errors he got, I am not sure what has happened behind the scene. Thanks, Steve Lihn ------------------------------------------------------------------------------ Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD and in Japan, as Banyu - direct contact information for affiliates is available at http://www.merck.com/contact/contacts.html) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. ------------------------------------------------------------------------------
