Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1598

The agent gives 403 response rather than redirect when token is invalid before notification is received

    XMLWordPrintable

Details

    • 2018.5Lighthouse of Alexandria

    Description

      Usually a logged out token will be removed from the agent cache when it receives notification, but before that it is possible that a token will be used for a cached session in a call to the AM policy endpoint. When the token is invalid (e.g. logged out) the policy endpoint returns 400 Bad Request. The agent was treating this as a general error and causing a 403 response, but it should caused a redirect for login instead.

      Attachments

        Issue Links

          Activity

            People

              nick.james Nicholas James
              nick.james Nicholas James
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: