Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: saas, 3.1.8
Affects Version/s: None
Component/s: None
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less
Epic Link:
SSO maintenance

Due to changes in AdmincentralServlet in Magnolia 6.2.38, logout no longer works, IdP session is never terminated.

This is because the HttpSession is invalidated too eagerly, and thus kills Pac4j's session-tracking.

—

The issue will be resolved by ~~ADMINCTR-478~~ and ~~MAGNOLIA-9090~~.

Some dev notes and action should be taken in the scope of this ticket:

Add the logout scenario on SSO integration test for both branches v3.1 and v4.0.0
Consider to re-add `request.getSession().invalidate();` back to SsoLogoutFilter which is removed by this commit

if (request.getSession(false) != null) {
  log.info("Invalidating HttpSession {}", request.getSession());
  request.getSession().invalidate();
}

Acceptance criteria

is caused by

ADMINCTR-478 Logout from external IdPs no longer works

Closed

ADMINCTR-479 Logout from external IdPs no longer works (Magnolia 6.3)

Closed

relates to

MAGNOLIA-9090 Add option to trigger logout logic, post-request handling

Closed

MAGNOLIA-9091 Add option to trigger logout logic, post-request handling (Magnolia 6.3)

Closed

Assignee:: Evzen Fochr

Reporter:: Mikaël Geljić

Team:: AdminX

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 14/Sep/23 3:31 PM

Updated:: 29/Sep/23 12:23 PM

Resolved:: 20/Sep/23 8:18 PM

Work Started:: 20/Sep/23 8:04 AM