OpenAM Agents / AMAGENTS-2813

Agent logout performs logout multiple times

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 5.5.0.0, 5.6.1.0, 5.7.0, 5.8.0
    • Fix Version/s: None
    • Component/s: Web Agents

      Description

      Agent logout performs logout multiple times.

      Steps to reproduce

      Setup

      1.) Hit the protected page and log in with a user (get the tokens): http://agent.localtest.me/index.html
      2.) Hit the logout page (http://agent.localtest.me/logout.html) and observe the requests

      Observed

      At the beginning, the agent does a logout in the background (possible to see in the agent's debug log or by observing the requests going to AM [not possible to see from the browser]):

      POST /openam/json/realms/root/sessions?_action=logout HTTP/1.1
      ...
      {"result":"Successfully logged out"}
      

      After the logout happens in the background, it is redirected to:
      /openam/UI/Logout?goto=<logout.redirect.url>
      and after a few redirections it performs logout in the front channel (possible to see from the browser):
      /openam/json/sessions?_action=logout
      but with response 401:

      {"code":401,"reason":"Unauthorized","message":"Access Denied"}
      

      At the end, the session is terminated and the OIDC token is deleted, but the iPlanetDirectoryPro cookie stays in the browser.

      Expected behavior

      The agent will perform logout only once, and the iPDP and OIDC cookies will be deleted. Agent logout has to be compatible with a custom login flow.

            People

            Assignee:
            Unassigned
            Reporter:
            Richard Hruza (richard.hruza)
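A regression check for the behaviour reported above, added here as an example and not taken from the ticket or from the agent's code: it audits a recorded logout flow for repeated `_action=logout` calls, rejected (401) calls, and session cookies that no response expired. The trace format, the status codes other than the 401, the Set-Cookie values and the name OIDC_COOKIE_PLACEHOLDER are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

def is_logout_call(url):
    """True for the REST logout endpoint quoted in the ticket."""
    parts = urlsplit(url)
    return parts.path.endswith("/sessions") and parse_qs(parts.query).get("_action") == ["logout"]

def cleared_cookie(set_cookie, now):
    """Name of the cookie this Set-Cookie header expires, or None."""
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        try:
            if key == "max-age" and int(val) <= 0:
                return first.split("=", 1)[0]
            if key == "expires" and parsedate_to_datetime(val) <= now:
                return first.split("=", 1)[0]
        except (TypeError, ValueError):
            continue  # malformed attribute: treat as not clearing
    return None

def audit_logout_flow(exchanges, cookie_names, now=None):
    """Summarise one logout flow: call count, rejected calls, surviving cookies."""
    now = now or datetime.now(timezone.utc)
    logouts = [(e["url"], e["status"]) for e in exchanges if is_logout_call(e["url"])]
    cleared = {cleared_cookie(h, now) for e in exchanges for h in e.get("set_cookie", [])}
    return {
        "logout_calls": len(logouts),
        "rejected": [url for url, status in logouts if status == 401],
        "left_in_browser": sorted(set(cookie_names) - cleared),
    }

# Constructed trace: the back-channel call (from the agent's debug log) merged
# with the browser-visible requests, in the order the ticket describes.
SAMPLE = [
    {"url": "/openam/json/realms/root/sessions?_action=logout", "status": 200},
    {"url": "http://agent.localtest.me/logout.html", "status": 302,
     "set_cookie": ["OIDC_COOKIE_PLACEHOLDER=; Max-Age=0; Path=/"]},
    {"url": "/openam/UI/Logout?goto=<logout.redirect.url>", "status": 302},
    {"url": "/openam/json/sessions?_action=logout", "status": 401},
]

if __name__ == "__main__":
    print(audit_logout_flow(SAMPLE, ["iPlanetDirectoryPro", "OIDC_COOKIE_PLACEHOLDER"]))
```

A flow matching the expected behaviour yields one logout call, no rejected calls and an empty `left_in_browser` list.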