Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1598

The agent gives 403 response rather than redirect when token is invalid before notification is received

    Details

    • Sprint:
      2018.5Lighthouse of Alexandria

      Description

      Usually a logged out token will be removed from the agent cache when it receives notification, but before that it is possible that a token will be used for a cached session in a call to the AM policy endpoint. When the token is invalid (e.g. logged out) the policy endpoint returns 400 Bad Request. The agent was treating this as a general error and causing a 403 response, but it should caused a redirect for login instead.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                nick.james Nicholas James
                Reporter:
                nick.james Nicholas James
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: