[
https://jira.jboss.org/jira/browse/GTNPORTAL-1027?page=com.atlassian.jira...
]
Sohil Shah resolved GTNPORTAL-1027.
-----------------------------------
Resolution: Done
When this scenario happens, it should now re-start the OpenSSO login workflow.
Expected Behavior:
It will redirect to the OpenSSO login screen, ask for credentials, and once credentials
are provided, the user should then be logged into the portal
GateIn+SSO integration: Blank screen when SSO ticket is not valid
(OpenSSO)
---------------------------------------------------------------------------
Key: GTNPORTAL-1027
URL:
https://jira.jboss.org/jira/browse/GTNPORTAL-1027
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 3.0.0-GA
Environment: GateIn trunk (revision 2480) deployed on EAP 5, running on
localhost:8080
SSO module trunk (revision 2480),
OpenSSO 8 update 1 deployed on Tomcat (localhost:8888),
Sun Java 1.6
Reporter: Marek Posolda
Attachments: opensso-OpenSSOTokenValidationIssue.txt
I have integration with GateIn+JBoss and OpenSSO. GateIn is on localhost:8080 and OpenSSO
on Tomcat on localhost:8888. I have session-timeout configured to be only 1 minute instead
of default 30 minutes in gatein.ear/02portalwar/WEB-INF/web.xml/ Now going through this
scenario:
1) Login as root into GateIn via OpenSSO console
2) Wait some time (2 minutes) until HTTP session in GateIn expire.
3) Restart Tomcat with OpenSSO (or wait bigger amount of time until OpenSSO ticket
expires - 2 hours)
4) Go to
http://localhost:8080/portal/private/classic. Now I am redirected to blank
screen and I am seeing the exception in server log: "java.lang.IllegalStateException:
OpenSSO Token is not valid!!". Full stacktrace is in attachement. I am redirected to
OpenSSO console after manual removation of cookie iPlanetDirectoryPro from my browser.
I think that if validation of SSO ticket fails, then SSO cookie should be removed from
browser and user should be redirected to SSO console? I believe it's more correct than
redirecting user to blank screen.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira