Relaying party should be able to request a "login freshness" when authenticating

Bug #296458 reported by Francis J. Lacoste
4
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Francis J. Lacoste

Bug Description

When a user is logged in Launchpad, he can sign in into a relaying party simply by clicking a button.

For some relaying party, the long-lived session of users on Launchpad is a security-risk. These RP really want the user to enter their password, to minimize the risk of somebody acting on their behalf by simply clicking a button in an opened browser.

Changed in launchpad-foundations:
assignee: nobody → stub
importance: Undecided → High
milestone: none → 2.1.11
status: New → Triaged
Changed in launchpad-foundations:
assignee: stub → flacoste
status: Triaged → In Progress
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

Fixed in RF 7303.

Changed in launchpad-foundations:
status: In Progress → Fix Committed
Changed in launchpad-foundations:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.