Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5096

Single Logout (SLO) via Proxy - active session partner in sendLastResponse()

    Details

    • Sprint:
      AM Sustaining Sprint 27
    • Support Ticket IDs:

      Description

      Replication steps:
      User logs into the IDP and successfully receives SP application access
      User accesses a second SP application in the federation (via the proxy)
      User clicks logout.

      The user is now logged out from the proxy and the SP, but not the IDP.

      Code changes:
      openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSingleLogout.java
      The sendLastResponse() method is invoked while session partners still exist.

      I resolved this with the following change:

      private static boolean sendLastResponse() {
      + try {
      + List partners = idpSession.getSessionPartners();
      + if (partners != null && !partners.isEmpty()) {
      + String rmethod = request.getMethod();
      + String proxyBinding = SAML2Constants.HTTP_REDIRECT;
      + if (rmethod.equals("POST"))
      { + proxyBinding = SAML2Constants.HTTP_POST; + }
      + if (SAML2Utils.debug.warningEnabled())
      { + SAML2Utils.debug.warning("Logout session partners"); + }
      + IDPProxyUtil.sendProxyLogoutRequest(request, response,
      + null, partners, proxyBinding, relayState);
      + return true;
      + }
      + }
      + catch (Exception e)
      { + debug.error("Failed processin session parnters: ", e); + }
      ... prepare for redirection back to the calling SP
      ...
      }
      

      Note that when there is only 1 active SP the SLO functions correctly.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                chris.warrren-smith chris warren-smith [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0h
                  0h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10h
                  10h