Activities of "AndrewT"

  • ABP Framework version: v8.3.2
  • UI Type: Blazor WASM
  • Database System: PostgreSQL
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

If a User has logged into the application, they must stay logged in even if they don't touch the application and it is in the background, this is so that any alerts will appear/sound, and if they want to take immediate action they can do that.

However if the user logs out, their session must be terminated and they are forced to log in again.

Problem: We have just been through a security review and the application is failing with a scenario;

UserA logs in and then logs out, but a different user is able to hijack the token that UserA was issued, i.e. logout does not destroy the token.

To reproduce this issue perform the following steps:

Session Timeout

  1. Using a web browser, navigate to the [application URL]
  2. Authenticate to the application.
  3. Leave the session unattended for 45 minutes.
  4. Navigate to another page on the application and note the session is still valid.

Session Teardown

  5. Setup an intercepting proxy such as Burp Suite.
  6. Using a web browser navigate to the application URL:
  7. Authenticate to the application as an administrative user.
  8. Intercept a request to create a new user, send to the Repeater tab and drop the request. Verify that the new user has not been created.
  9. Log out of the application. Verify that the user has been successfully logged out of the application.
  10. Send the intercepted request that is in the repeater tab, and note a 200 HTTP response code is returned.
  11. Validate that the new user has been created, whilst the admin was logged out.
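The "Session Teardown" finding above is the classic failure mode of self-contained bearer tokens: the resource server only checks the signature and the expiry, so nothing the user does at logout can change the outcome of that check. The following is an added illustration, not code from this post or from ABP; it is generic Python with a constructed HMAC-signed token format, a constructed demo key and an in-memory revocation store, standing in for whatever token issuer and cache a real deployment uses. It contrasts the signature-only validator (which still accepts the admin's token after logout, exactly as step 10 observes) with a validator that also consults server-side revocation state written at logout, which is the check that makes step 10 return an authentication failure instead of 200.

```python
import base64
import hashlib
import hmac
import json
import uuid

# Constructed demo key for this example only; a real issuer keeps its key in a secret store.
SECRET = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user: str, now: int, ttl: int = 3600) -> str:
    """Mint a minimal self-contained token: base64(claims).base64(hmac)."""
    claims = {"sub": user, "jti": uuid.uuid4().hex, "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def _verify_signature(token: str):
    """Return the claims if the HMAC is valid, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(body))


def validate_stateless(token: str, now: int) -> bool:
    """The weak check from the finding: signature + expiry only. Logout cannot influence it."""
    claims = _verify_signature(token)
    return claims is not None and claims["exp"] > now


class RevocationStore:
    """Server-side state written at logout (in-memory here; a shared cache in production)."""

    def __init__(self):
        self.revoked_jti = set()   # exact tokens presented at logout
        self.logout_at = {}        # user -> time of last logout, catches any older token too

    def logout(self, token: str, now: int) -> None:
        claims = _verify_signature(token)
        if claims is not None:
            self.revoked_jti.add(claims["jti"])
            self.logout_at[claims["sub"]] = int(now)


def validate_with_revocation(token: str, now: int, store: RevocationStore) -> bool:
    """Hardened check: signature, expiry, and a lookup against logout state."""
    claims = _verify_signature(token)
    if claims is None or claims["exp"] <= now:
        return False
    if claims["jti"] in store.revoked_jti:
        return False
    # Strictly earlier than the last logout: a token minted in the same second by an
    # immediate re-login stays valid, while every pre-logout token is rejected.
    if claims["iat"] < store.logout_at.get(claims["sub"], -1):
        return False
    return True


def demo():
    """Replay the finding's sequence: login, logout, then present the old token again."""
    store = RevocationStore()
    t0 = 1_700_000_000  # constructed clock
    admin_token = issue_token("admin", t0)
    before_logout = (validate_stateless(admin_token, t0 + 10),
                     validate_with_revocation(admin_token, t0 + 10, store))
    store.logout(admin_token, t0 + 20)
    after_logout = (validate_stateless(admin_token, t0 + 30),
                    validate_with_revocation(admin_token, t0 + 30, store))
    return before_logout, after_logout


if __name__ == "__main__":
    print(demo())
```

The per-user logout timestamp matters beyond the single token the browser sends at logout: a refresh token or a second copy of the access token held elsewhere would slip past a jti-only denylist, but not past "issued before the last logout". The cost of this design is one cache lookup per request, which is the usual trade for being able to end a session on demand rather than waiting for expiry.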
  • ABP Framework version: v8.3RC
  • UI Type: Blazor WASM
  • Database System: EF Core PostgreSQL
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hi,

We are upgrading to v8.3-preview with one of the goals being to enable tenants and their users (our implementation is SaaS), to set up user authentication using their Entra verification so the tenants can choose to have one authentication.

I read https://abp.io/support/questions/7501/Problems-with-integration-of-Entra-External-ID and noted that this was acknowledged as a bug and would be fixed in the next release. Before we go down the path of trying to use Entra/SAML can you confirm that this is all working?

There are a bunch of old articles, support tickets and the sample on Github is now 4 years old, so is there a worked example/screen shots of steps to set up on both the Entra and also on ABP.io project side for each tenant to implement Entra authenticated login?

Thanks, Andrew

https://abp.io/docs/latest/release-info/migration-guides - the v8.2 and v8.3 links are missing.. also the Release Notes page now doesn't show v8.2 as final and nothing about v8.3..

Links for upgrade to v8.2 and v8.3 are broken.

Can you please urgently re-instate migration/update links. We are trying to upgrade from 7.x to v8.3.

https://abp.io/docs/latest/release-info/migration-guides/v8_2?_redirected=B8ABF606AA1BDF5C629883DF1061649A

Answer

I recommend closing this topic and highlighting what is in the Roadmap and what is not so that we can vote on which feature we consider priority.

Now there are many proposals, but we don't know what you are working on.

Thanks

I agree, these should be raised as separate issues in GitHub and assigned to milestones.

Answer

When using Twilio and SmsMessage, add the ability to override the "From Number" in the SmsMessage.

We are going to associate a number with each user and have the SMS messages be in "personal" threads.

There may be some regulatory issues depending on country, and also you will need Twilio approval as you are effectively spoofing someone else's mobile number.

Hi,

Is it possible to have the roadmap updated https://github.com/abpframework/abp/milestones so we can do some planning around our product upgrades for v7.3 or are you going to merge with v7.4 final?

Also for all the suggestions in #3052 is there an intention to move those to Github items? I created a couple of items 3 months ago and don't know what is happening..

Thanks,

Andrew

I expect it would have to be pushed from AzureAD when the user is set at that end to be able to use Azure credentials. I would expect that as it's an AzureAD-ABP.io interface there would be some configuration on the abp.io side to catch the connection from AzureAD.

https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem

Ok, will check that.

How do we automatically create a new tenant user in the correct tenant, when the user is added in their AzureAD?

Hi Maliming,

It seems that the AzureAD authentication as implemented in abp.io is not designed for multi-tenant. Users do not select a tenant on login.

They are unique in the system so their login details define their tenant.

How can we have multi-tenant, multi-AzureAD, where their (SSO) login selects the tenant?

How do we provision new AzureAD users into our app in the correct tenant based on the AzureAD they were set up in?

Thanks, Andrew

Made with ❤️ on ABP v9.3.0-preview. Updated on April 09, 2025, 10:18