Hi,

I'm not sure this really is a bug, but at least this is really unexpected behaviour when using Crowd SSO.

We're using Crowd as an SSO solution for a lot of development tools (Jira, Confluence, Bitbucket, etc.). For Jenkins we're using the Crowd2 plugin. Jenkins is protected by matrix security.

We do have users who don't have access to Jenkins at all. Whenever one of these users is calling Jenkins (e.g. he clicks on a Jenkins link on our landing page or in an email he got), he is explicitly logged out of the Crowd SSO. So when accessing e.g. Jira in the next step, he has to log in again.

I think the problem is in CrowdRememberMeServices.loginFail(), where logout() is explicitly called. IMHO this shouldn't be the case, at least not if SSO is used.

Cheers

Thomas