[ADMINCTR-478] Logout from external IdPs no longer works Created: 14/Sep/23 Updated: 29/Sep/23 Resolved: 18/Sep/23 |
|
| Status: | Closed |
| Project: | Admincentral |
| Component/s: | None |
| Affects Version/s: | 6.2.33 |
| Fix Version/s: | 6.3.0, 6.2.34 |
| Type: | Bug | Priority: | Major |
| Reporter: | Mikaël Geljić | Assignee: | Mikaël Geljić |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||||||
| Epic Link: | SSO maintenance | ||||||||||||||||||||||||||||
| Team: | |||||||||||||||||||||||||||||
| Work Started: | |||||||||||||||||||||||||||||
| Description |
|
Since ADMINCTR-450, we invalidate the HttpSession too eagerly, thus killing other/external logout logic that happens downstream from VaadinSession destroy, such as SSOs' logout filter: we use Pac4j's SessionStore (info in the http-session) to track the web session and interaction with the IdP. Desired behavior:
|