Affects Version/s: 5.5.1, 6.0.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 6.5.0, 188.8.131.52
Sprint:AM Sustaining Sprint 58, AM Sustaining Sprint 59
Support Ticket IDs:
When there is a session and then if XUI is logged in as
the following does not show any login screen and stuck with a
blank (or Loading...) page.
Details steps outlining how to recreate the issue (remove this text)
- Create a test realm
- Login to the realm /test as demo user
- On another tab access http://<am>/openam/XUI/?realm=/test&arg=newsession#login/
The purpose of arg=newsession is also to remove say any session upgrade use.
The XUI seems to clear the session but to logout request is seen where the latter one is seen as DENIED. There is not page rendering to redirect to ask for the login page.
a) The code when having arg=newsession set this as A REST call to AM
b) When there is a session (as part of the SSO Cookie), the empty POST
/json/authenticate?arg=newsession (with the SSO cookie) and returns
in the payload
c) This then XUI do a session logout (which does a REST logout)
d) However there is no way that it can continue rendering as the payload
does not have any callback and also the tokenId is clear (but it ends in
that pay). So there is no way to render a page that is with existing session
nor a way to render the needed calback this needs.
PS: It seem /json/authenticate?arg=newsession does not do server side clearing
of session (this is fine)
e) It would then seems that XUI should detect arg=newsession, clear the session or retry the authn w/o arg=newsession?