[OPENAM-5411] OpenAM is filling the ResponseLocation with a null instead of an empty string Created: 12/Jan/15  Updated: 20/Nov/16  Resolved: 12/Mar/15

Status: Resolved
Project: OpenAM
Component/s: SAML
Affects Version/s: 11.0.2
Fix Version/s: 10.0.3, 11.0.4, 12.0.1, 13.0.0

Type: Bug Priority: Minor
Reporter: Abel Hoxeng Assignee: Peter Major [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 2h
Original Estimate: 4h

Issue Links:
is related to OPENAM-3809 The final SLO response should be sent... Resolved
Target Version/s:
Sprint: Sprint 77 - Sustaining, Sprint 78 - Sustaining
Support Ticket IDs:


When the ResponseLocation for a remote SP is not specified, OpenAM is filling the ResponseLocation with a null instead of an empty string. Then during the logout process OpenAM looks for an empty string instead of the null that was created in the ResponseLocation. Since the null is found, OpenAM doesn't automatically fill the ResponseLocation. To work around this the ResponseLocation must be explicitly set in the ResponseLocation in the remote SP to the same value as the SLO service URL.

Steps to reproduce:

  • Set up a simple SAML2 environment with 1 IdP and 1 SP
  • on the IdP change the remote SP's metadata, so that it specifies SLO endpoints like this:
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sp.example.com:18080/openam/SPSloRedirect/metaAlias/sp" ResponseLocation=""/>
  • perform an SP initiated login
  • perform an SP initiated SLO

At this stage you should see the following error message at the IdP:


Comment by Peter Major [X] (Inactive) [ 12/Mar/15 ]

Looks like this is a regression coming out of OPENAM-3809

Comment by Peter Major [X] (Inactive) [ 12/Mar/15 ]

Fixed with R12987 R12988 R12989 and R12990

Generated at Tue Oct 27 03:50:07 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.