Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13617

IDP initiated MNI requests to terminate link fail


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.2
    • Fix Version/s: 5.5.2
    • Component/s: SAML
    • Labels:
    • Target Version/s:
    • Rank:
    • Verified Version/s:


      Bug description

      Terminate Federation from IDP test fails in 5.5.2, see https://ci.forgerock.org/job/AM-5.5.x/job/OpenAM-Federation/19/ and it is not working in 5.5.1 too, there are 2 more errors, see: https://ci.forgerock.org/job/AM-5.5.x/job/OpenAM-Federation/20/

      How to reproduce the issue

      1. configure IDP - SP scenario
      2. link users by logging in on both IDP and SP http://idp.localtest.me:8080/openam/idpssoinit?metaAlias=/idp&spEntityID=oam_sp
      3. terminate link by http://sp.localtest.me:8081/openam/SPMniInit?idpEntityID=idp.localtest.me&metaAlias=/sp&requestType=Terminate
      4. repeat step 2 to create link again
      5. terminate link by http://idp.localtest.me:8080/openam/IDPMniInit?spEntityID=oam_sp&metaAlias=/idp&requestType=Terminate
      6. repeat step 2 to verify that link is terminated
      Expected behaviour
      In step 5 there is message that Federation is terminated. In step 6 we have to login on IdP and then on SP to create link again.
      Current behaviour
      In step 5 there is redirect to login. In step 6 there is only one login as link is still there.
      There is also invalid session error in debug log: 
      amSSOProvider:09/20/2018 02:24:52:471 odp. CEST: Thread[http-nio-8080-exec-1,5,main]: TransactionId[d8c44642-5469-4071-b2e5-725e18da49a6-844]
      could not create SSOToken from HttpRequest (Invalid session ID.Session not found. This likely means it has expired and been removed.)

      Work around

      Do SP initiated Federation Termination instead of IDP initiated.




            • Assignee:
              lubomir.mlich Ľubomír Mlích
            • Votes:
              0 Vote for this issue
              3 Start watching this issue


              • Created: