Lavoisier

Reynaud Sylvain wrote:

PRE-REQUISITE: we must be able to distinguish abort from failure for each authentication mode.

Authentication attempt is considered as aborted if:

• X509: usage of protocol HTTP instead of HTTPS

If HTTP is used, then the X509 will not be selected as authenticator in the chain, except if the chain is empty and it's the last authenticator supported. In this case, the user will be offered a HTTPS->HTTP automatic redirection

• PASSWORD: users clics on the button "cancel"

Cancel does not send HTTP request.

• IP: the list of authenticated IP does not contain user's IP

OK

• CAS: to be defined...

To be defined

Authentication attempt is considered as failed if:

• X509: CA is unknown

This is done at the SSL level, so in principle X509 will never fail

• PASSWORD: unknown user or wrong password

OK

• IP: NEVER FAILS !!!

OK

• CAS: to be defined...

If the ticket is not valid, the CAS login module automatically redirect to the CAS server and thus triggers the generation of a new ticket that will be validated at next request.

Authentication is considered as failed:

• either if ANY authencation attempt has failed
• or if ALL the authentication attempt have been canceled