
"Access Denied" error when accessing logout link and not currently signed in


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.5.0, 6.5.0.1, 6.5.1, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 7.0.0, 6.5.3, 7.0.1
    • 6.5.4, 7.0.2, 7.1.1, 2021.6, 7.2.0
    • UI
    • AM Sustaining Sprint 85, AM Sustaining Sprint 86
    • 3
    • No
    • Yes
    • Yes and I used the same an in the description

    Description

      Logout URL returns Access Denied error 401 if not logged in. Would have expected it to return "nothing" and not display an error.

      1. Log into AM console ... "amadmin"
      2. Click logout from admin UI
      3. Go to Logout URL (per docs) ... get Access Denied error



      Output from the error when using AM logout link:

      https://idp.frdpcloud.com/openam/json/sessions?_action=logout
      

      Request Headers:

      POST /openam/json/sessions?_action=logout HTTP/1.1
      Host: idp.frdpcloud.com
      Connection: keep-alive
      Content-Length: 0
      Accept-API-Version: protocol=1.0,resource=2.0
      Origin: https://idp.frdpcloud.com
      X-Password: anonymous
      Accept-Language: en-US
      X-Username: anonymous
      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
      Content-Type: application/json
      Accept: application/json, text/javascript, */*; q=0.01
      Cache-Control: no-cache
      X-Requested-With: XMLHttpRequest
      X-NoSession: true
      Referer: https://idp.frdpcloud.com/openam/XUI/
      Accept-Encoding: gzip, deflate, br
      

      Response Headers:

      HTTP/1.1 401
      Date: Fri, 26 Jul 2019 17:04:58 GMT
      Server: Apache/2.4.25 (Unix) OpenSSL/1.0.2k-fips PHP/5.6.30
      Access-Control-Max-Age: 1000
      Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
      Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
      Access-Control-Allow-Origin: https://idp.frdpcloud.com
      X-Frame-Options: SAMEORIGIN
      Cache-Control: no-cache
      X-Content-Type-Options: nosniff
      Content-Type: application/json;charset=UTF-8
      Content-Length: 62
      Keep-Alive: timeout=5, max=97
      Connection: Keep-Alive
      

      Response

      {"code":401,"reason":"Unauthorized","message":"Access Denied"}

      This also prints in the browser for a moment, which confuses users.
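As an added illustration (not code from this ticket or from OpenAM itself), the snippet below shows how a client can treat the captured 401 "Access Denied" on a logout call as "no session to end" instead of surfacing an error to the user, while still reporting genuine failures. The fake sessions endpoint, the token values and the success body it returns are assumptions made for this example; the 401 body is the one captured in the report.

```python
import json
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


# Constructed error body, copied from the 401 captured in the report.
ACCESS_DENIED_BODY = '{"code":401,"reason":"Unauthorized","message":"Access Denied"}'


class FakeSessionsEndpoint:
    """Stand-in for POST /json/sessions?_action=logout (assumed behaviour, constructed for this example).

    It ends a known session and answers 401 "Access Denied" when the caller
    presents no valid session, which is the situation the ticket describes.
    """

    def __init__(self, active_tokens):
        self.active = set(active_tokens)

    def post_logout(self, token):
        if token in self.active:
            self.active.discard(token)
            # Success body is an assumption, not the product's exact text.
            return Response(200, '{"result":"logged out"}')
        return Response(401, ACCESS_DENIED_BODY)


def parse_crest_error(body):
    """Return (code, reason, message) from a CREST-style JSON error body, or None if it is not one."""
    try:
        detail = json.loads(body)
    except ValueError:
        return None
    if not isinstance(detail, dict) or "code" not in detail:
        return None
    return detail.get("code"), detail.get("reason"), detail.get("message")


def logout(endpoint, token):
    """Idempotent logout: returns 'logged_out', 'no_session' or 'failed'.

    The UI should show nothing (or simply land on the login page) for the
    first two outcomes and an error only for the third.
    """
    if not token:
        # No session cookie/token on the client: there is nothing to end,
        # so do not even make the call that would come back as 401.
        return "no_session"

    resp = endpoint.post_logout(token)
    if resp.status == 200:
        return "logged_out"

    if resp.status == 401:
        err = parse_crest_error(resp.body)
        if err is not None and err[0] == 401:
            # The server holds no session for this token. From the user's
            # point of view that is the desired end state, not an error.
            return "no_session"

    # Anything else (5xx, malformed body, unexpected status) is a real failure.
    return "failed"


def demo():
    """Run the three cases from the report against the fake endpoint."""
    endpoint = FakeSessionsEndpoint(active_tokens=["tok-1"])  # constructed token
    first = logout(endpoint, "tok-1")     # session exists -> logged_out
    second = logout(endpoint, "tok-1")    # already gone -> no_session, no error shown
    third = logout(endpoint, None)        # nothing to send -> no_session
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

The decision is deliberately keyed on both the status and the parsed body: a bare 401 from an intermediary (for example a misconfigured proxy) still counts as a failure worth reporting, whereas the server's own "Access Denied" for a missing session is folded into the normal logged-out path.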

    People

      lawrence.yarham Lawrence Yarham
      sfehrman Scott Fehrman [X] (Inactive)
      Votes: 2
      Watchers: 7