[AMAGENTS-1598] The agent gives 403 response rather than redirect when token is invalid before notification is received - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.0.0.0
Fix Version/s: 5.0.1.0, 5.5.0.0
Component/s: Web Agents
Labels:
- AMAgent
- AME
- CURIE
- release-notes

Sprint:
2018.5Lighthouse of Alexandria

Description

Usually a logged out token will be removed from the agent cache when it receives notification, but before that it is possible that a token will be used for a cached session in a call to the AM policy endpoint. When the token is invalid (e.g. logged out) the policy endpoint returns 400 Bad Request. The agent was treating this as a general error and causing a 403 response, but it should caused a redirect for login instead.

Attachments

Issue Links

is related to

AMAGENTS-1558 Testing for Custom Login Page Work

Closed

Activity

People

Assignee:

Nicholas James

Reporter:

Nicholas James

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

19/Apr/18 2:21 PM

Updated:

21/Sep/18 11:48 AM

Resolved:

23/Apr/18 1:24 PM