SSO Integration issue

Hi David,

I have an issue with SSO integration of Yellowfin with our app. We use the Yellowfin Authentication. Here are the details.

First, user A logs in to our app and its credential is authenticated by Yellowfin. User A can access the reports as expected.

Second, user A logs out of our app and user B logs in. When user B tries to access the reports, the error message is displayed:

"Your have previously logged in as User A.
Login again. Login as another user."

This is a serious security issue. What should I do to prevent this from happening? We tried various options under "Multiple Login Logic" but they don't work.

Let me know if you need more details.

Thanks,
Michael


Hi Michael,

From the sounds of it, this might actually be related to how Tomcat uses browser sessions and stores cookies.
(Please see related posts for information on this).

If you are using the same browser (just using different tabs) then I could see this issue occurring.
If User A did not actually log out of Yellowfin then this may also occur.

I would first confirm that this issue does not occur when using separate browsers.
If this issue still occurs when using different browsers, I would also confirm that User A actually logged out of Yellowfin.

Do your users have the ability to use multiple accounts?

Please let me know your findings.

Regards,
David

Related Posts:
How does user sessions work? (http://www.yellowfinbi.com/YFForum-How-does-user-s...work-?thread=103586)
Tomcat session tracking


It happens even with a different browser. User A didn't log out. It happens even if User A only closes his browser.

This could be a security issue as we can't control what User A would do.


Hi Michael,

Can you please try changing the following record in the Yellowfin DB under the configuration table;
[code]
1 SYSTEM LOGONCOOKIE YES
[/code]

Set YES to NO and then restart the YF.

Please let me know how it goes.

Regards,
David


Thanks David.

This seems to at least turn off the option for user B to log in as user A.

Cheers!
Michael

