If a User has logged into the application, they must stay logged in even if they don't touch the application and it is in the background. This is so that any alerts will appear/sound, and if they want to take immediate action they can do that.
However if the user logs out, their session must be terminated and they are forced to log in again.
Problem: We have just been through a security review and the application is failing with a scenario:
UserA logs in and then logs out, but a different user is able to hijack the token that UserA was issued, i.e. logout does not destroy the token.
To reproduce this issue perform the following steps: Session Timeout
Hi,
We are upgrading to v8.3-preview with one of the goals being to enable tenants and their users (our implementation is SaaS) to set up user authentication using their Entra verification so the tenants can choose to have one authentication.
I read https://abp.io/support/questions/7501/Problems-with-integration-of-Entra-External-ID and noted that this was acknowledged as a bug and would be fixed in the next release. Before we go down the path of trying to use Entra/SAML can you confirm that this is all working?
There are a bunch of old articles and support tickets, and the sample on GitHub is now 4 years old, so is there a worked example/screenshots of steps to set up on both the Entra and also on the ABP.io project side for each tenant to implement Entra authenticated login?
Thanks, Andrew
Links for upgrade to v8.2 and v8.3 are broken.
Can you please urgently reinstate the migration/update links? We are trying to upgrade from 7.x to v8.3.
https://abp.io/docs/latest/release-info/migration-guides/v8_2?_redirected=B8ABF606AA1BDF5C629883DF1061649A
Hi,
Is it possible to have the roadmap updated https://github.com/abpframework/abp/milestones so we can do some planning around our product upgrades for v7.3 or are you going to merge with v7.4 final?
Also, for all the suggestions in #3052, is there an intention to move those to GitHub items? I created a couple of items 3 months ago and don't know what is happening.
Thanks,
Andrew
Hi,
We have a client that wants to use AzureAD for SSO, and provisioning so their users can log into our app.
Searching in the docs for AzureAD or SSO (v7.2) does not bring up any results. I have seen some blog posts from 2020 but we are using the v7.2 framework/OpenIddict.
Thanks, Andrew
Hi,
We are upgrading to v7.2 from v5.3 but the LeptonX layout causes us problems and doesn't work very well for our users.
What is the long term plan to continue support on Lepton Theme?
Andrew
We have an application with lots of data that is geographically grouped, or can be operationally grouped, e.g. Division 1, Division 2, etc.
We want to be able to limit the data that specific groups of users can see, but enable other users to be able to view all data from all regions.
In simple terms, Users belonging to Northwest Region can only see customer data that relates to Northwest Region, but a User that belongs to "All Northern" can see data from North-West and North-East Regions.
Is there an existing extension of identity, e.g. Departments, that would help with this sort of scenario?
Andrew
Hi,
We are upgrading an app to v7.1 template.
The performance on v7.1 is worse than previous versions. Our application is not very big.
What steps can we take to improve the loading speed at startup and user experience?
Thanks. Andrew
I see this test results document, but it is actually for v7.0
https://docs.abp.io/en/commercial/7.1/others/penetration-test-report
Has this been updated for v7.1?
Also https://support.abp.io/QA/Questions/4623 seems to be scheduled for inclusion in v7.2 Preview.
Can it be provided for a patch of v7.1, as we don't want to use a Preview version for Production?
Thanks, Andrew
Does ABP support SCIM automated provisioning of users (and their removal)? https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning
If so can you point me to where that is described and ideally some example code?