Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5484

Calling HttpServletRequest.logout() with single sign-on enabled only works every second time

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide
      • start EAP server with <single-sign-on/> enabled and a user added
      • deploy a <distributable/> application with FORM authentication enabled
      • create a request for the deployment and authenticate
      • logout from the application by calling HttpServletRequest.logout()
      • create a request
      • what is expected: you should authenticate for this request
      • what happens: you are still considered authenticated
      • logging out for the second time works as expected
      Show
      start EAP server with <single-sign-on/> enabled and a user added deploy a <distributable/> application with FORM authentication enabled create a request for the deployment and authenticate logout from the application by calling HttpServletRequest.logout() create a request what is expected: you should authenticate for this request what happens: you are still considered authenticated logging out for the second time works as expected

      Description

      See "Steps to Reproduce". Logging out from an application only works every second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any effect

      This doesn't occur without <single-sign-on/> enabled - logout() has the expected effect. The issue is security related, thus I'm adding our security team members as watchers.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  rjanik Richard Janík
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: