Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-207

Accessing the agent logout URL without session will cause a redirect

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.1
    • Fix Version/s: 5.0.0.0, 4.1.0
    • Component/s: Web Agents
    • Environment:

      Description

      If an application logout URL (com.sun.identity.agents.config.agent.logout.url) is requested with no session token, the Agent will redirect to the url set in com.sun.identity.agents.config.logout.url, even if com.forgerock.agents.config.logout.redirect.disable=true.

      Steps to reproduce:

      1. Set the following:

      com.sun.identity.agents.config.agent.logout.url[0]=http://openam.example.com/sec/logout.html
      com.forgerock.agents.config.logout.redirect.disable=true
      

      2. With no cookies, access
      http://openam.example.com/sec/logout.html

      Expected result:
      User gets logout.html with no redirect.

      Actual result:
      User is redirected to the page set in com.sun.identity.agents.config.logout.url, typcially http://openam.example.com/openam/UI/Logout.

      It's presumed adding the logout page to com.sun.identity.agents.config.notenforced.url should not be necessary, as logout urls are automatically considered not-enforced (it doesn't make a difference either way).

      3.x Agents have the expected result.

        Attachments

          Activity

            People

            Assignee:
            mareks Mareks Malnacs
            Reporter:
            andrew.dunn Andrew Dunn [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: