[gatein-issues] [JBoss JIRA] Updated: (GTNPORTAL-1027) GateIn+SSO integration: Blank screen when SSO ticket is not valid (OpenSSO)
Marek Posolda (JIRA)
jira-events at lists.jboss.org
Thu Apr 8 11:21:37 EDT 2010
[ https://jira.jboss.org/jira/browse/GTNPORTAL-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marek Posolda updated GTNPORTAL-1027:
-------------------------------------
Attachment: opensso-OpenSSOTokenValidationIssue.txt
> GateIn+SSO integration: Blank screen when SSO ticket is not valid (OpenSSO)
> ---------------------------------------------------------------------------
>
> Key: GTNPORTAL-1027
> URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1027
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 3.0.0-GA
> Environment: GateIn trunk (revision 2480) deployed on EAP 5, running on localhost:8080
> SSO module trunk (revision 2480),
> OpenSSO 8 update 1 deployed on Tomcat (localhost:8888),
> Sun Java 1.6
> Reporter: Marek Posolda
> Attachments: opensso-OpenSSOTokenValidationIssue.txt
>
>
> I have integration with GateIn+JBoss and OpenSSO. GateIn is on localhost:8080 and OpenSSO on Tomcat on localhost:8888. I have session-timeout configured to be only 1 minute instead of default 30 minutes in gatein.ear/02portalwar/WEB-INF/web.xml/ Now going through this scenario:
> 1) Login as root into GateIn via OpenSSO console
> 2) Wait some time (2 minutes) until HTTP session in GateIn expire.
> 3) Restart Tomcat with OpenSSO (or wait bigger amount of time until OpenSSO ticket expires - 2 hours)
> 4) Go to http://localhost:8080/portal/private/classic. Now I am redirected to blank screen and I am seeing the exception in server log: "java.lang.IllegalStateException: OpenSSO Token is not valid!!". Full stacktrace is in attachement. I am redirected to OpenSSO console after manual removation of cookie iPlanetDirectoryPro from my browser.
> I think that if validation of SSO ticket fails, then SSO cookie should be removed from browser and user should be redirected to SSO console? I believe it's more correct than redirecting user to blank screen.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list