  1. OpenAM
  2. OPENAM-5411

OpenAM is filling the ResponseLocation with a null instead of an empty string

    Details

    • Sprint:
      Sprint 77 - Sustaining, Sprint 78 - Sustaining

      Description

      When the ResponseLocation for a remote SP is not specified, OpenAM fills the ResponseLocation with a null instead of an empty string. Then, during the logout process, OpenAM looks for an empty string instead of the null that was created in the ResponseLocation. Since the null is found, OpenAM doesn't automatically fill the ResponseLocation. To work around this, the ResponseLocation in the remote SP must be explicitly set to the same value as the SLO service URL.

      Steps to reproduce:

      • Set up a simple SAML2 environment with 1 IdP and 1 SP
      • On the IdP, change the remote SP's metadata so that it specifies SLO endpoints like this:
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sp.example.com:18080/openam/SPSloRedirect/metaAlias/sp" ResponseLocation=""/>
      • Perform an SP initiated login
      • Perform an SP initiated SLO

      At this stage you should see the following error message at the IdP:

      Error+processing+LogoutResponse.+Requested+binding+is+not+supported.
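
An added example, not part of the original issue and not OpenAM's code: a small audit of SP metadata that treats an absent `ResponseLocation` (which a parser returns as a null) and an empty one the same way, falling back to `Location` as SAML metadata specifies. The function names and the sample metadata are assumptions made for illustration; only the HTTP-Redirect endpoint comes from the issue.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"
SP = "http://sp.example.com:18080/openam"

# Constructed sample: the HTTP-Redirect endpoint is the one from the issue;
# the HTTP-POST and SOAP endpoints and the entityID are made up for illustration.
SAMPLE_SP_METADATA = f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="{SP}">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleLogoutService Binding="{BINDING}HTTP-Redirect"
    Location="{SP}/SPSloRedirect/metaAlias/sp" ResponseLocation=""/>
  <SingleLogoutService Binding="{BINDING}HTTP-POST"
    Location="{SP}/SPSloPOST/metaAlias/sp"/>
  <SingleLogoutService Binding="{BINDING}SOAP"
    Location="{SP}/SPSloSoap/metaAlias/sp"
    ResponseLocation="{SP}/SPSloSoap/metaAlias/sp"/>
 </SPSSODescriptor>
</EntityDescriptor>"""


def effective_response_location(endpoint):
    """Return (url, state); absent and empty ResponseLocation both fall back."""
    raw = endpoint.get("ResponseLocation")  # None if absent, "" if empty
    if raw is not None and raw.strip():
        return raw.strip(), "explicit"
    state = "absent" if raw is None else "empty"
    return endpoint.get("Location"), state


def audit_slo_endpoints(metadata_xml):
    """List every SingleLogoutService with its effective response URL."""
    # Assumption: the metadata comes from a trusted administrative export.
    root = ET.fromstring(metadata_xml)
    return [
        {"binding": ep.get("Binding", "").rsplit(":", 1)[-1],
         "state": state, "response_url": url}
        for ep in root.iter(f"{{{MD_NS}}}SingleLogoutService")
        for url, state in [effective_response_location(ep)]
    ]


if __name__ == "__main__":
    for row in audit_slo_endpoints(SAMPLE_SP_METADATA):
        print(row)
```

Endpoints reported as `absent` or `empty` are the ones where the workaround from the description (setting ResponseLocation explicitly) applies.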
      

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                abel.hoxeng Abel Hoxeng
              • Votes:
                0
                Watchers:
                2


                  Time Tracking

                  Estimated: Original Estimate - 4h
                  Remaining: Remaining Estimate - 0h
                  Logged: Time Spent - 2h Time Not Required