
Add a possibility to send to IDP the prompt=login/ForceAuthn=true when the user logs out


      Issue Summary

      When a user session ends because of a logout, the session is sometimes still alive on the IdP, and the user is not prompted for a new authentication. Sending prompt=login or ForceAuthn=true will force a reauthentication no matter what.

      It would be nice to have a parameter to control this behavior.

      Steps to Reproduce

      1. Log in to Bitbucket using an IdP
      2. Log out of it
      3. Try to log back in; the user is automatically authenticated

      Expected Results

      The user needs to provide a username and password manually again.

      Actual Results

      The user is logged in to the system automatically.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.
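
What the two parameters named in this request look like when a service provider sends them, with the freshness check that has to accompany them because a request parameter can be stripped in transit (an added example, not Atlassian's code and not part of the original ticket). The endpoint, client ID, entity ID and all function names are assumptions chosen for illustration.

```python
# Added illustration: all URLs, IDs and helper names are hypothetical.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def oidc_reauth_url(authorize_endpoint, client_id, redirect_uri, state, nonce):
    """OIDC authorization request asking the IdP to ignore its live session."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "prompt": "login",  # IdP should prompt the user for credentials again
        "max_age": "0",     # using max_age makes auth_time a required ID token claim
    }
    return authorize_endpoint + "?" + urlencode(params)


def saml_reauth_request(sp_entity_id, idp_sso_url, request_id, issue_instant):
    """SAML 2.0 AuthnRequest carrying ForceAuthn="true"."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": idp_sso_url,
        "ForceAuthn": "true",  # IdP must authenticate the user directly
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")


def is_fresh_login(auth_time, request_sent_at, skew=60):
    """Accept the response only if the IdP authenticated after our request.

    auth_time is the epoch-seconds value of the ID token's auth_time claim
    (OIDC) or of the assertion's AuthnInstant (SAML), taken from a response
    whose signature has already been validated. None means it was absent.
    """
    return auth_time is not None and auth_time >= request_sent_at - skew
```

Without the `is_fresh_login` check, an IdP that ignores the parameter, or a request whose `prompt=login` was removed before it reached the IdP, would still produce a valid login from the old session.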

            [ACCESS-1655] Add a possibility to send to IDP the prompt=login/ForceAuthn=true when the user logs out


            Valentijn Scholten added a comment - This is also important for users using multiple accounts and wanting to switch between those accounts. Currently when manually logged out of Atlassian Cloud, the user remains logged in in the IdP so upon subsequent login attempt to Atlassian Cloud the user is logged in again as the same user, where the goal of the user was to switch to a different (IdP) account.

            Bruno Abele added a comment (edited)

            Ticket is not very clear in description, thus will not collect much interest, even if it is important for our users.

            When

            • a user has been inactive longer than the inactivity timeout of the policy and has to re-login before being able to continue with the session (that's a must), or
            • if user logged out manually before and comes back to the Atlassian sites (maybe)

            it would be great if the email address they used before is already in the email address field in the login form.

            Current behaviour:

            • User comes to the login page and has to type their email address manually into an empty input box.
              Some companies disable automatic filling of boxes. Every day, always the same address. Users do not like that. So many keys to press to enter data Atlassian already could know.

            Future behaviour:

            • User comes to the login page and the email address used for last login (on that browser) is already in the input box, so in most cases, users just have to press the login button.
              If user is then forwarded to a SSO provider where user is already authenticated, the Atlassian (re-)login is only one click (login button).


              Unassigned
              Diego Martins (Inactive)
              Votes: 10
              Watchers: 12