servicecatalog / development

An Enterprise-ready Cloud Services Management Software
http://openservicecatalogmanager.org
Apache License 2.0

Non-existing tenantID in URL prevents access with existing tenantID #392

Open StavrevaS opened 7 years ago

StavrevaS commented 7 years ago

[How to reproduce]

  1. Platform operator registers a tenant (e.g. tenantID="ad43fe78"); the administration portal URL for this tenant will be http://:/oscm-portal/?tenantID=ad43fe78;
  2. The user tries to access the URL, but types a wrong tenantID, e.g. http://:/oscm-portal/?tenantID=ad43fe79. Tenant with id ad43fe79 does not exist on the platform.

[Expected] Error message for non-existing tenant. When the user corrects the tenantID, he should be able to log in to the tenant-specific IDP.

[Observed] Error message for non-existing tenant, even after the user corrects the tenantID. Only after deleting the browser cookies is the user able to log in to the tenant-specific IDP.

Probably the wrong tenantID is saved in the session, and not updated with the correct one.

kwodzynski commented 7 years ago

Tested on Windows Server 2016, jdk1.8u131, build BES_MASTER_BUILD_NO_TESTS-24 2017/07/31 in SAML mode. It works as expected.

ghost commented 7 years ago

[Build] 17.3 tested with IE. This was a duplicate of issue #417 but it is not fixed.

  1. Log-in with default tenant (OpenAM) including tenantID (OK)
  2. Log-in with ADFS tenant including tenantID

[Expected] ADFS login page is shown

[Observed] OpenAM login page is shown

Also, the original problem as described is also not fixed (enter incorrect tenantID first and then correct tenantID).

kwodzynski commented 7 years ago

I have tested this issue on the build that has been created from the hotfix/issue392 branch. It was not merged to master, so the official 17.3.0 release does not include that commit.
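
A minimal model of the two sequences reported in this thread (wrong tenantID followed by the correct one, and default tenant followed by a second tenant), added here as an illustration and not taken from the OSCM code base. It contrasts a resolver that keeps the first tenantID it sees in the session with one that lets the URL parameter win and stores only validated IDs; the function names, the dict standing in for the HTTP session, and the tenant IDs `default` and `t-adfs` are assumptions.

```python
# Constructed registry: tenant ID -> login page the user must be sent to.
# "ad43fe78" is the ID from the report; "default" and "t-adfs" are made up.
TENANTS = {"default": "OpenAM", "ad43fe78": "tenant IdP", "t-adfs": "ADFS"}
KEY = "tenantID"


class UnknownTenant(Exception):
    """Raised when the requested tenant is not registered."""


def resolve_sticky(session, params):
    """Assumed faulty pattern: first tenantID seen is cached unvalidated and wins."""
    if KEY not in session and KEY in params:
        session[KEY] = params[KEY]
    tenant = session.get(KEY, "default")
    if tenant not in TENANTS:
        raise UnknownTenant(tenant)
    return TENANTS[tenant]


def resolve_hardened(session, params):
    """Explicit URL parameter beats the cached value; only validated IDs are stored."""
    requested = params.get(KEY)
    if requested is not None:
        if requested not in TENANTS:
            session.pop(KEY, None)  # never keep an invalid or stale tenant
            raise UnknownTenant(requested)
        if session.get(KEY) != requested:
            session.clear()  # tenant switch: drop state bound to the old tenant
            session[KEY] = requested
    return TENANTS[session.get(KEY, "default")]


def replay(resolver, requests):
    """Send requests through one browser session; return each outcome."""
    session, outcomes = {}, []
    for params in requests:
        try:
            outcomes.append(resolver(session, params))
        except UnknownTenant as exc:
            outcomes.append(f"error: unknown tenant {exc}")
    return outcomes


# The two sequences reported in the thread.
TYPO_THEN_FIX = [{KEY: "ad43fe79"}, {KEY: "ad43fe78"}]
SWITCH_TENANT = [{KEY: "default"}, {KEY: "t-adfs"}]
```

In a servlet-based portal the `session.clear()` step corresponds to invalidating the session and issuing a new one, so that authentication state from one tenant's IdP is never carried into another tenant.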