  1. OpenAM
  2. OPENAM-5530

OpenAM does not set the destination in the last leg of IDP Proxy SLO

    Details

    • Sprint:
      Sprint 77 - Sustaining, Sprint 78 - Sustaining, Sprint 79 - Sustaining, Sprint 80 - Sustaining, Sprint 81 - Sustaining

      Description

      Set up OpenAM as an IDP Proxy and authenticate a user.

      1) SP requests SLO
      OpenAM sends request to IDP
      IDP logs out user and sends response to OpenAM - response contains destination
      OpenAM sends response to SP without a destination
      (some) SP will not log out the user

      2) If SP requests logout again it works, OpenAM sends Logout response with destination field.

      In 2) I can see IDPSingleLogout#sendAlreadyLogedOutResp is called and in the code:

      logRes.setDestination(XMLUtils.escapeSpecialCharacters(location));
      LogoutUtil.sendSLOResponse(response, logRes, location,
                      relayState, realm, idpEntityID, SAML2Constants.IDP_ROLE,
                      spEntityID, binding);
      

      Need revision of IDPProxyUtil.java#sendProxyLogoutResponse code to make sure Location is present/added.
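
Added example (not part of the original report and not OpenAM code): the kind of Destination check a strict SP may apply to an incoming LogoutResponse, run over two constructed messages that mirror cases 1) and 2) above. The URLs, IDs and the function name check_logout_response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample values; the URL and the IDs are hypothetical.
SP_SLO_URL = "https://sp.example.com/saml/slo"
TEMPLATE = (
    '<samlp:LogoutResponse xmlns:samlp="{ns}" ID="_r1" Version="2.0" '
    'IssueInstant="2015-01-01T00:00:00Z" InResponseTo="_q1"{dest}>'
    '<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
    '</samlp:LogoutResponse>'
)
# Case 1): response relayed by the IDP proxy, no Destination attribute.
PROXIED = TEMPLATE.format(ns=SAMLP, status=SUCCESS, dest="")
# Case 2): "already logged out" response, Destination set to the SP endpoint.
DIRECT = TEMPLATE.format(ns=SAMLP, status=SUCCESS,
                         dest=' Destination="%s"' % SP_SLO_URL)


def check_logout_response(xml_text, received_at):
    """Return the problems a strict SP would report; an empty list means accept."""
    # Stdlib parser is enough for the constructed samples; use a hardened
    # XML parser for messages that arrive from the network.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutResponse" % SAMLP:
        return ["not a LogoutResponse"]
    problems = []
    dest = root.get("Destination")
    if not dest:
        problems.append("Destination missing")
    elif dest != received_at:
        # Destination must name the endpoint the message was delivered to.
        problems.append("Destination %r does not match endpoint %r"
                        % (dest, received_at))
    code = root.find("{%s}Status/{%s}StatusCode" % (SAMLP, SAMLP))
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    return problems


if __name__ == "__main__":
    for name, msg in (("case 1, proxied SLO", PROXIED),
                      ("case 2, already logged out", DIRECT)):
        print(name, "->", check_logout_response(msg, SP_SLO_URL) or "accepted")
```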

            People

            • Assignee:
              jonthomas Jonathan Thomas
              Reporter:
              nathalie.hoet Nathalie Hoet

                Time Tracking

                Original Estimate: 16h
                Remaining Estimate: 3h
                Time Spent: 13h