OpenAM / OPENAM-3210

In CDSSO scenario no Logout is triggered when choosing 'yes' on 'new_org.jsp'

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.0-EA, 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0
    • Fix Version/s: 10.0.2, 11.0.1, 12.0.0
    • Component/s: authentication
    • Environment:
      Oracle JDK "1.7.0_17"
      OpenAM 10.1-Xpress on Tomcat 7.0.37
      Web Policy agent 3.1.0-Xpress for Apache http server 2.2 on Ubuntu 12.04

      Description

      Steps to reproduce:

      OpenAM handles FQDN X.DOMAIN1

      • subrealm A
      • subrealm B

      Apache HTTP server / agents handle FQDNs

      • FQDN Y.DOMAIN2
      • FQDN Z.DOMAIN3

      Agent is configured in CDSSO mode and uses conditional loginURL
      Y.DOMAIN2|<scheme>://X.DOMAIN1:<port>/<OpenamURI>/cdcservlet?realm=A
      Z.DOMAIN3|<scheme>://X.DOMAIN1:<port>/<OpenamURI>/cdcservlet?realm=B

      1) Browser has no SSO tracking cookie
      2) Access resource on 'Y.DOMAIN2'
      3) Agent redirects to CDCServlet which shows auth screen for realm A
      4) Login to realm A
      5) Access resource on 'Z.DOMAIN3'
      6) Agent redirects to CDCServlet which shows 'new_org.jsp'
      7) Click 'yes' when asked 'You have already logged in. Do you want to log out and then login to a different organization?'
      8) No login screen appears but browser is redirected back to originally requested resource

      Most likely this is due to the following error, appearing in Authentication debug log.

      amAuthClientUtils:10/24/2013 09:56:05:696 AM CEST: Thread[http-bio-8282-exec-9,5,main]
      Could not get orgName
      Message:No mapping organization found for organization identifier: ^A#�
      
              at com.sun.identity.idm.IdUtils.getOrganization(IdUtils.java:574)
              at com.sun.identity.authentication.client.AuthClientUtils.getOrganizationDN(AuthClientUtils.java:1464)
              at com.sun.identity.authentication.client.AuthClientUtils.getDomainNameByRequest(AuthClientUtils.java:1553)
              at com.sun.identity.authentication.UI.LoginViewBean.checkNewOrg(LoginViewBean.java:1673)
              at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:333)
              at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
      

      Attached is Authentication debug log when 'new_org' is triggered

            People

            Assignee:
            peter.major Peter Major [X] (Inactive)
            Reporter:
            bthalmayr Bernhard Thalmayr