Skip to content

Apps with @FormAuthenticationMechanismDefinition aren't being sent to SSOs for login #33373

New issue
New issue
Open
#33556
Open
Apps with @FormAuthenticationMechanismDefinition aren't being sent to SSOs for login#33373
#33556
Labels
release bugThis bug is present in a released version of Open Libertyteam:Core Security
@barbj

Description

@barbj
barbj
opened on Nov 6, 2025

Describe the bug
When an application has a @FormAuthenticationMechanismDefinition annotation in it, Liberty does not send the request to the SSOs to process. This does not happen when the form login definition is in the web.xml file instead.

This is not the correct behavior because it gives the developer precedence over the admin.

Example:

  • The admin wants Azure to authenticate users. Bob is not in Azure.
  • Bob is in the local registry and he can access the app.

Metadata

Metadata

Assignees

No one assigned

    Labels

    release bugThis bug is present in a released version of Open Libertyteam:Core Security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions