Relaying party should be able to request a "login freshness" when authenticating
Bug #296458 reported by
Francis J. Lacoste
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Francis J. Lacoste |
Bug Description
When a user is logged in Launchpad, he can sign in into a relaying party simply by clicking a button.
For some relaying party, the long-lived session of users on Launchpad is a security-risk. These RP really want the user to enter their password, to minimize the risk of somebody acting on their behalf by simply clicking a button in an opened browser.
Changed in launchpad-foundations: | |
assignee: | nobody → stub |
importance: | Undecided → High |
milestone: | none → 2.1.11 |
status: | New → Triaged |
Changed in launchpad-foundations: | |
assignee: | stub → flacoste |
status: | Triaged → In Progress |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in RF 7303.