Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 4.0.1
-
Component/s: Web Agents
-
Labels:
-
Environment:Server version: Apache/2.4.6 (CentOS)
Server built: Jul 18 2016 15:30:14
Server's Module Magic Number: 20120211:24
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
CentOS Linux release 7.0.1406 (Core)
Version: 4.0.1-9
Revision: bd89b93
Container: Apache 2.4 Linux 64bit
Build date: Sep 6 2016 16:14:55
Server version: Apache/2.4.6 (CentOS) Server built: Jul 18 2016 15:30:14 Server's Module Magic Number: 20120211:24 Server loaded: APR 1.4.8, APR-UTIL 1.5.2 Compiled using: APR 1.4.8, APR-UTIL 1.5.2 Architecture: 64-bit Server MPM: prefork CentOS Linux release 7.0.1406 (Core) Version: 4.0.1-9 Revision: bd89b93 Container: Apache 2.4 Linux 64bit Build date: Sep 6 2016 16:14:55
-
Verified Version/s:
-
Cases:
-
Support Ticket IDs:
-
Epic Link:
Description
If an application logout URL (com.sun.identity.agents.config.agent.logout.url) is requested with no session token, the Agent will redirect to the url set in com.sun.identity.agents.config.logout.url, even if com.forgerock.agents.config.logout.redirect.disable=true.
Steps to reproduce:
1. Set the following:
com.sun.identity.agents.config.agent.logout.url[0]=http://openam.example.com/sec/logout.html com.forgerock.agents.config.logout.redirect.disable=true
2. With no cookies, access
http://openam.example.com/sec/logout.html
Expected result:
User gets logout.html with no redirect.
Actual result:
User is redirected to the page set in com.sun.identity.agents.config.logout.url, typcially http://openam.example.com/openam/UI/Logout.
It's presumed adding the logout page to com.sun.identity.agents.config.notenforced.url should not be necessary, as logout urls are automatically considered not-enforced (it doesn't make a difference either way).
3.x Agents have the expected result.