Duplicate session opening when using multiple Kerberos instances in Combination
Concerned version
Version: %2.0.3
Summary
My LemonLDAP::NG instance authenticates users from multiple Windows domains. I have created a keytab containing several principals, as shown in the documentation.
My combination expression is:
[Kerberos, AD1] or [Kerberos, AD2]
And I of course set KrbByJS = 1.
Because of that, the Kerberos AJAX query is run twice, and it works perfectly fine: users from AD1 and AD2 are recognized with Kerberos.
However, the Kerberos JS is called twice on the login page:
However, some browsers (IE, old Firefox) run the Kerberos AJAX twice and open two sessions.
The only side effect is that the DB is polluted with useless sessions.
Logs
Login page:
<script type="text/javascript" src="/static/bootstrap/js/skin.min.js"></script>
<script type="text/javascript" src="/static/common/js/portal.min.js"></script>
<script type="text/javascript" src="/static/bwr/bootstrap/dist/js/bootstrap.min.js"></script>
<script type="text/javascript" src="/static/common/js/kerberos.js"></script><script type="text/javascript" src="/static/common/js/kerberos.js"></script>
<!-- Custom <head> markups, like CSS, js, etc. -->
Logs:
[debug] Processing extractFormInfo
[debug] Append Kerberos init/script
[debug] Send init/script -> <script type="text/javascript" src="/static/common/js/kerberos.js"></script>
[debug] Store 0 in hidden key kerberos
[info] Scheme "Kerberos" returned 9, trying next
[debug] Processing extractFormInfo
[debug] Append Kerberos init/script
[debug] Send init/script -> <script type="text/javascript" src="/static/common/js/kerberos.js"></script><script type="text/javascript" src="/static/common/js/kerberos.js"></script>
[debug] Store 0 in hidden key kerberos
Possible fixes
My temporary fix is adding a '$req->data' key in Portal/Auth/Kerberos.pm
to remember that we already sent the JS code before.
    # Call kerberos.js if Kerberos is the only Auth module
    # kerberosChoice.js is used by Choice
    $self->{AjaxInitScript} =~ s/kerberosChoice/kerberos/;
    unless ( $req->data->{_krbJsAlreadySent} ) {
        $req->data->{customScript} .= $self->{AjaxInitScript};
        $self->logger->debug(
            "Send init/script -> " . $req->data->{customScript} );
        $req->data->{_krbJsAlreadySent} = 1;
    }
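A regression check for the duplicate include visible in the login page excerpt above, written as an added example that is not part of the original report or of LemonLDAP::NG. The function and variable names are hypothetical, and both sample pages are constructed from the script tags quoted in the report.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Collect the src of every external <script> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                # Compare on the path only, so a cache-busting query string
                # (an assumption, not seen in the report) cannot hide a repeat.
                self.sources.append(urlsplit(src).path)


def duplicate_scripts(html):
    """Return {script path: count} for every script included more than once."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {src: n for src, n in Counter(parser.sources).items() if n > 1}


KRB_TAG = '<script type="text/javascript" src="/static/common/js/kerberos.js"></script>'

# Constructed sample: the login page head as quoted in the report (include sent twice).
BUGGY_PAGE = (
    '<script type="text/javascript" src="/static/bootstrap/js/skin.min.js"></script>\n'
    '<script type="text/javascript" src="/static/common/js/portal.min.js"></script>\n'
    + KRB_TAG + KRB_TAG + "\n"
    "<!-- Custom <head> markups, like CSS, js, etc. -->\n"
)

# Constructed sample: the same head once the include is only appended once per request.
FIXED_PAGE = BUGGY_PAGE.replace(KRB_TAG + KRB_TAG, KRB_TAG)

if __name__ == "__main__":
    for name, page in (("buggy", BUGGY_PAGE), ("fixed", FIXED_PAGE)):
        print(name, duplicate_scripts(page))
```

Feeding the function the HTML of a portal login page gives a quick way to confirm that a Combination with several Kerberos schemes no longer emits the script more than once.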