We're updating the issue view to help you get more done. 

No proactive verification of user credentials when logging into secured web-ui

Description

When security is enabled, authentication to the web-ui is now required.

Previous versions allowed unauthenticated users to get past the login screen to the web management console. This didn't cause any security breaches because the server was secure and users were not exposed to sensitive areas of the application. However, it provided a poor user experience, causing users to assume they had gained access when they in fact didn't have access.

Workaround

None

Acceptance Test

test.webui.security.ExistingCustomCredentialsProviderNonSecuredUserSecuredWebServerBasicTest
test.webui.security.ExistingCustomSecurityAndCustomCredentialsSecuredWebServerTest
test.webui.security.MissingCustomCredentialsProviderSecuredWebServerBasicTest
test.webui.security.MissingCustomSecurityAndCustomCredentialsNonSecuredUserTest

Status

Assignee

EvgenyF

Reporter

Yuval Dori

Labels

Priority

Major

SalesForce Case ID

00011393

Fix versions

Commitment Version/s

None

Due date

None

Product

XAP

Edition

Premium

Platform

All

Sprint

None