[AMAGENTS-1598] The agent gives 403 response rather than redirect when token is invalid before notification is received - ForgeRock JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.0.0.0
Fix Version/s: 5.0.1.0, 5.5.0.0
Component/s: Web Agents
Labels:
- AMAgent
- AME
- CURIE
- release-notes

Sprint:
2018.5Lighthouse of Alexandria

Description

Usually a logged out token will be removed from the agent cache when it receives notification, but before that it is possible that a token will be used for a cached session in a call to the AM policy endpoint. When the token is invalid (e.g. logged out) the policy endpoint returns 400 Bad Request. The agent was treating this as a general error and causing a 403 response, but it should caused a redirect for login instead.

Attachments

Issue Links

is related to

AMAGENTS-1558 Testing for Custom Login Page Work

Closed

Activity

People

Assignee:: Nicholas James

Reporter:: Nicholas James

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-04-19 2:21 PM

Updated:: 2018-09-21 11:48 AM

Resolved:: 2018-04-23 1:24 PM