Details
-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
28.0.0.Final
-
- Define an OpenId Authentication Mechanism with logout notification to the OP.
- Access a restricted resource to force authentication.
- Logout from the application to close the OpenId session (OP).
-
---
-
---
Description
Let's define an OpenId Authentication mechanism to notifiy a logout from the application to the OpenID Provider such as:
@OpenIdAuthenticationMechanismDefinition(
providerURI = "${openId.providerURI}",
redirectURI = "${openId.redirectURI}",
clientId = "${openId.clientId}",
clientSecret = "${openId.clientSecret}",
tokenAutoRefresh = true,
logout = @LogoutDefinition(
}}{{notifyProvider = true,
redirectURI = "${openId.logoutRedirectURI}")
)
public class OpenIdDefinition {
}
When invoking HttpServletRequest.logout() the OpenId Authentication Mechanism sends a redirection to the following URI:
/<app>/org.jboss.resteasy.specimpl.ResteasyUriBuilderImpl@224ebc2a
It seems that the construction of such redirection is not valid or maybe some configuration might be missing. No error is thrown, it's just a matter of incorrect redirection to the OP.
