cxf-issues mailing list archives

From "gonzalad (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FEDIZ-212) Multiple OIDC logout return to login page
Date Mon, 09 Oct 2017 19:39:00 GMT

    [ https://issues.apache.org/jira/browse/FEDIZ-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197587#comment-16197587 ]

gonzalad commented on FEDIZ-212:
--------------------------------

2 problems:
 - In the OIDC Spring Security filter chain, we have: <sec:intercept-url pattern="/idp/**" access="isAuthenticated()"/>
   Hence, accessing logout requires the user to be authenticated. This is not the case when we execute logout a second time in a row.
 - When we fix the first issue, LogoutService calls subjectCreator.createUserSubject(mc, params) (with principal == null) and throws an OAuthServiceException("Unsupported Principal").


> Multiple OIDC logout return to login page
> -----------------------------------------
>
>                 Key: FEDIZ-212
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-212
>             Project: CXF-Fediz
>          Issue Type: Bug
>    Affects Versions: 1.4.2
>            Reporter: gonzalad
>
> I'm using Fediz SSO global logout.
> Scenario :
>  * start a clean incognito session
>  * user logs to OIDC Client 1
>  * user logs to OIDC Client 2 (in another tab, same browser window)
>  * user logs out OIDC Client 1
>  * now user switched tab to OIDC Client 2
>  * user logs out from OIDC Client 2
> On the last logout, the user is automatically rerouted to IDP login UI.
> Looking at network view of Chrome dev toolbar, we see when the user is redirected back from IDP to OIDC (/oidc/login), that the OIDC redirects back to logout : /oidc/idp/logout.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
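
The rule-ordering point behind the first problem in the comment above, as an added configuration sketch. It is not the Fediz project's configuration or its fix. It assumes that /oidc is the servlet context path, so the logout endpoint is matched as /idp/logout, and it omits every other attribute and child element of the http block.

```xml
<!-- Added illustration; the two <sec:http> blocks are alternatives (before
     and after), not one file. -->

<!-- Before: the single rule quoted in the comment. /idp/logout falls under
     /idp/**, so a logout request arriving without an authenticated session
     is sent to the login entry point and never reaches the logout handler. -->
<sec:http>
    <sec:intercept-url pattern="/idp/**" access="isAuthenticated()"/>
</sec:http>

<!-- After (assumed layout): intercept-url rules are evaluated top to bottom
     and the first matching pattern decides, so the narrower logout rule has
     to be listed before the general one. Only the logout path is opened;
     everything else under /idp/ still requires authentication. -->
<sec:http>
    <sec:intercept-url pattern="/idp/logout" access="permitAll"/>
    <sec:intercept-url pattern="/idp/**" access="isAuthenticated()"/>
</sec:http>

<!-- With the logout path open, the code behind it is reached with no
     principal. That is the second problem in the comment: the handler must
     treat "no authenticated user" as an already-logged-out session instead
     of failing with OAuthServiceException("Unsupported Principal"). -->
```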
