Prevent No-login-context errors due to duplicate logins
Fixed
Description
We recently debugged a case where many users got a Shibboleth error message after authenticating at the IdP. All we found is: In the Shibboleth IdP there were many "No login context available, unable to return to authentication engine" even though the users used the correct login links and they most certainly had a valid session cookie just before they entered their credentials. But there were no error messages.
The cause of this seems to be that - due to many users logging in at the same time due to an online exam - the authentication and redirect back to the SP took several seconds. Probably the SP has not responded for several seconds after the click on the login button and the redirect but the login page of the IdP still was shown in the user's web browser.
Therefore, some impatient users clicked again on the login button even though they already were authenticated by the IdP and their IdP login context already was destroyed by the IdP.
To prevent this potential error, one simple workaround could be to disable the submit button on the login page after the form was submitted.
This could be implemented and added to the default templates for v2 with something like:
<input type="submit" value="Login" name="Login" onclick="this.disabled=true;this.value='Logging in, please wait...';" />
or for v3
<button class="form-element form-button" type="submit" name="_eventId_proceed" onclick="this.disabled=true;this.innerHTML='Logging in, please wait...';">Login</button>
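A submit-once guard for the login form, as an added example that is not part of the original report or of Shibboleth's templates. It drops repeat submissions in the form's submit handler and disables the button only in a later task, because a disabled control is left out of the submitted form data; `guardLoginForm`, its parameters and the choice of the first form on the page are assumptions.

```javascript
// Added example, not Shibboleth code. guardLoginForm, waitText and defer are
// hypothetical names. defer is injectable so the logic can run without a browser.
function guardLoginForm(form, waitText, defer) {
  defer = defer || function (fn) { setTimeout(fn, 0); };
  var state = { submitted: false, blocked: 0 };

  form.addEventListener('submit', function (event) {
    if (state.submitted) {
      // Repeat click while the first POST is still in flight: drop it, so the
      // IdP never receives a second submission for a login context that the
      // first one has already consumed.
      state.blocked += 1;
      event.preventDefault();
      return;
    }
    state.submitted = true;

    var button = event.submitter || form.querySelector('[type="submit"]');
    if (!button) { return; }

    // Touch the control in a later task, after the browser has collected the
    // form data. A disabled control is not submitted, so disabling it here
    // would drop "_eventId_proceed" (v3) or "Login" (v2) from the request.
    defer(function () {
      button.disabled = true;
      if (button.tagName === 'INPUT') {
        button.value = waitText;        // v2: <input type="submit">
      } else {
        button.textContent = waitText;  // v3: <button>
      }
    });
  });

  return state;
}

// Browser wiring. Assumption: the login form is the first form on the page.
if (typeof document !== 'undefined' && document.forms.length > 0) {
  guardLoginForm(document.forms[0], 'Logging in, please wait...');
}
```

If the browser restores the login page from its back/forward cache, the button stays disabled; a `pageshow` handler can reset it.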