[jboss-jira] [JBoss JIRA] (WFLY-5484) Calling HttpServletRequest.logout() with single sign-on enabled only works every second time
Richard Janík (JIRA)
issues at jboss.org
Wed Oct 7 08:58:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Janík reassigned WFLY-5484:
-----------------------------------
Steps to Reproduce:
- start EAP server with <single-sign-on/> enabled and a user added
- deploy a <distributable/> application with FORM authentication enabled
- create a request for the deployment and authenticate
- logout from the application by calling HttpServletRequest.logout()
- create a request
- what is expected: you should authenticate for this request
- what happens: you are still considered authenticated
- logging out for the second time works as expected
Assignee: Paul Ferraro (was: Stuart Douglas)
The assignees always get scrambled when I clone Jiras from JBEAP. Putting pferraro as assignee since he is the assignee of the master Jira. Adding steps to reproduce, since those got lost on their way here too.
> Calling HttpServletRequest.logout() with single sign-on enabled only works every second time
> --------------------------------------------------------------------------------------------
>
> Key: WFLY-5484
> URL: https://issues.jboss.org/browse/WFLY-5484
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, Web (Undertow)
> Reporter: Richard Janík
> Assignee: Paul Ferraro
> Priority: Blocker
>
> See "Steps to Reproduce". Logging out from an application only works every second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any effect
> This doesn't occur without <single-sign-on/> enabled - logout() has the expected effect. The issue is security related, thus I'm adding our security team members as watchers.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list