Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-834

logout url functionality not working as expected

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Agents-3.0, Agents-3.0.1, Agents-3.0.2, Agents-3.0.3, Agents-3.0.4
    • Agents-3.2.0
    • web agents
    • Rank:
      1|hzn3pz:
    • Sprint 3

      Description

      The agent has some properties to control local logout URLs.

      com.sun.identity.agents.config.agent.logout.url
      com.sun.identity.agents.config.logout.redirect.url

      and

      com.sun.identity.agents.config.logout.url

      The top two defines a list urls local to the agent; if these are accessed then the PA sends a session destroy message to OpenAM and should redirect the user to the redirect.url.

      However on both Apache 2.2 and IIS7 agents (probably the others since most of this code is in the AM SDK) what happens is this:

      No CDSSO

      1. Hit local logout URL
      2. PA sends session destroy message
      3. PA redirects to the OpenAM logout URL with a goto URL parameter of the local redirect page (on Apache this is also broken; the goto parameter is missing). User is already logged out so the Logout page shows Logged out message and does not follow goto url.

      CDSSO

      The same flow, but you end up on the Login page since you end up going via the CDCServlet.

      The fix should be not to go anywhere near the OpenAM Logout URL. When a local logout URL is accessed then the users session should be destroyed (which is working okay) and then the user redirected to the configured local logout url

        Attachments

          Issue Links

            Activity

              People

              mareks Mareks Malnacs
              steve Steve Ferris
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: