• Type: Bug
• Resolution: Fixed
• Priority: High
• Fix Version/s: 3.3.6, 3.4.5
• Affects Version/s: 3.3.0, 3.4.0
• Component/s: None
• Labels:

  None

1. 

   tokenkey.png

   57 kB

   30/Jan/2019 3:00 PM

[CWD-5352] session.tokenkey value randomly generated with quotes causing login issues to applications

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 8:01 AM

Epic Link

Original: CWD-4704 [ 600140 ]

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 3092712 ]	New: JAC Bug Workflow v3 [ 3365579 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

SET Analytics Bot made changes - 24/May/2019 12:51 AM

UIS

Original: 241

New: 262

Mareusz (Inactive) made changes - 23/May/2019 12:21 PM

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

Bugfix Automation Bot made changes - 23/May/2019 10:01 AM

Support reference count

Original: 12

New: 13

Robert Chang made changes - 22/May/2019 5:09 PM

Description

Original: h3. Issue Summary session.tokenkey value sometimes generated with quotes h3. Environment  * Crowd 3.3.3  * Confluence any version h3. Steps to Reproduce  # Connect Confluence and Crowd with SSO  # Login to Confluence as Crowd users  # Go to Browser Console, to check the session cookies generated h3. Expected Results Session.tokenkey (or crowd.token_key) value will not have quotes h3. Actual Results Session.tokenkey (or crowd.token_key) values will have quotes when an _equal_(=) sign exist in the token  !tokenkey.png|thumbnail!  (i) Looking into the HAR file, the token with quotes will have 1 pair of quotes being _escaped_ that look something like this: {code:java}               "name": "crowd.token_key",               "value": "\"xxxxxxxxxxxxxxxxx=\"", {code} h3. Notes  * This issue not seen without SSO  * This issue does not exists in Crowd version 3.2.5 h3. Workaround  * As the Token is being generated randomly, the affected user can try to *Log Out* and *re-Log In* again to get a new token generated.  * (!) There are still chances that after re-logging the user still get another token with an _equal_(=) symbol in it and hitting into the same issue

New: h3. Issue Summary session.tokenkey value sometimes generated with quotes. This can impact the SSO experience by unexpectedly overwriting cookies h3. Environment  * Crowd 3.3.3  * Confluence any version h3. Steps to Reproduce  # Connect Confluence and Crowd with SSO  # Login to Confluence as Crowd users  # Go to Browser Console, to check the session cookies generated h3. Expected Results Session.tokenkey (or crowd.token_key) value will not have quotes h3. Actual Results Session.tokenkey (or crowd.token_key) values will have quotes when an _equal_(=) sign exist in the token  !tokenkey.png|thumbnail!  (i) Looking into the HAR file, the token with quotes will have 1 pair of quotes being _escaped_ that look something like this: {code:java}               "name": "crowd.token_key",               "value": "\"xxxxxxxxxxxxxxxxx=\"", {code} h3. Notes  * This issue not seen without SSO  * This issue does not exists in Crowd version 3.2.5 h3. Workaround  * As the Token is being generated randomly, the affected user can try to *Log Out* and *re-Log In* again to get a new token generated.  * (!) There are still chances that after re-logging the user still get another token with an _equal_(=) symbol in it and hitting into the same issue

SET Analytics Bot made changes - 22/May/2019 12:43 AM

UIS

Original: 201

New: 241

David Black made changes - 21/May/2019 10:00 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 424968 ]

Marcin Kempa made changes - 21/May/2019 9:50 PM

Affects Version/s		New: 3.3.0 [ 79701 ]
Affects Version/s	Original: 3.3.3 [ 84691 ]

Mareusz (Inactive) made changes - 21/May/2019 2:37 PM

Fix Version/s		New: 3.3.6 [ 86498 ]
Fix Version/s		New: 3.4.5 [ 86494 ]

Load more older history items