expired issuer context is not reset when starting new authentication
Concerned version
Version: %2.0
Summary
On 2.0.5:
- Browse to Issuer 1
- Get redirected to login form
- Don't touch login form, browse to Issuer 2
- Get redirected to login form again
- This time, actually login
- LLNG sends you to issuer 1
This works if issuer 1 and issuer 2 are the same type (CAS, OIDC or SAML), but not if issuer 1 and issuer 2 are different types.
A related issue is the following scenario:
- Browse to Issuer 1, get redirected to login
- Forget about that tab for some hours
- Browse to Issuer 2 (or Issuer 1 again), get redirected to login
- Since the context from the first request has expired, you now get an error