  1. OpenAM
  2. OPENAM-15433

Make the endSession endpoint continue flow when presented with valid id_token but expired session

    Details

    • Sprint:
      AM Sustaining Sprint 67, AM Sustaining Sprint 68, AM Sustaining Sprint 69, AM Sustaining Sprint 70, AM Sustaining Sprint 71, AM Sustaining Sprint 72, AM Sustaining Sprint 73, AM Sustaining Sprint 74
    • Story Points:
      3
      Description

      This is a subset of OPENAM-12242

      When trying to end a session/logout using an OIDC id_token, if the related AM session has expired, the endSession endpoint returns an error to the user.
      For the use case where the id_token is valid but the session is already terminated, the improvement will be to treat the call as successful, continue the flow, and follow the postlogouturi if registered.

      Current behaviour
      1. Log in using OAuth2/OpenID Connect (using the authorization code grant flow)
      2. Wait for the session to expire.
      3. Then attempt to logout.
      4. The server returns an error such as

      {description: "Unable to get SsoTokenManager",message: "server_error"}

       

      Desired behaviour
      Log or ignore the failure to end the session and continue processing.
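
A sketch of the desired behaviour as an added example; it is not OpenAM code and not from the ticket. The `SessionStore` and `SessionGone` names, the `sid` and `aud` claim usage, the status codes and the sample URIs are assumptions made for illustration, and id_token verification is assumed to happen upstream.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("end_session_example")

class SessionGone(Exception):
    """Hypothetical error: the session referenced by the id_token no longer exists."""

@dataclass
class SessionStore:
    """Hypothetical in-memory stand-in for the server's session service."""
    live: set = field(default_factory=set)

    def destroy(self, sid):
        if sid not in self.live:
            raise SessionGone(sid)
        self.live.remove(sid)

def end_session(claims, store, registered_uris, post_logout_uri=None):
    """Return (status, redirect_location) for a logout request.

    claims: id_token claims already verified upstream (assumption), or None
    registered_uris: client_id -> set of registered post-logout URIs
    """
    if claims is None:
        return 400, None  # an invalid id_token is still rejected
    try:
        store.destroy(claims["sid"])
    except SessionGone:
        # Desired behaviour from the ticket: log the failure and keep going.
        log.info("session %s already ended; continuing logout", claims["sid"])
    # Follow the post-logout URI only on an exact match with a registered one,
    # so tolerating a dead session never turns into an open redirect.
    if post_logout_uri in registered_uris.get(claims["aud"], set()):
        return 302, post_logout_uri
    return 200, None

# Constructed sample registration data for one client.
CLIENTS = {"rp-1": {"https://rp.example/bye"}}
```
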

              People

              • Assignee:
                chee-weng.chea C-Weng C
              • Reporter:
                jonthomas Jonathan Thomas