Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1362295 - [GSS] (6.4.8 patch) PicketLink rollup patch - BZ-1362293, BZ-1353333
Summary: [GSS] (6.4.8 patch) PicketLink rollup patch - BZ-1362293, BZ-1353333
Keywords:
Status: VERIFIED
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.4.8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: dhorton
QA Contact: Pavel Slavicek
URL:
Whiteboard:
Depends On: 1353333 1353338 1362293
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-01 21:10 UTC by dhorton
Modified: 2018-06-07 21:38 UTC (History)
6 users (show)

Doc Type: If docs needed, set a value
Doc Text:
To apply this individual patch, follow the steps outlined in How do I apply individual or cumulative patches in JBoss EAP 6.2 and beyond [1]? To rollback this individual patch if installation has unexpected consequences, follow the steps outlined in How do I rollback individual or cumulative patches in JBoss EAP 6.2 and beyond [2]? [1] https://access.redhat.com/site/solutions/625683 [2] https://access.redhat.com/site/solutions/639403
Clone Of:
Environment:
Last Closed:
Type: Support Patch


Attachments (Terms of Use)
BZ1362295.zip (deleted)
2016-08-05 18:58 UTC, dhorton
no flags Details

Description dhorton 2016-08-01 21:10:35 UTC
Description of problem:

PicketLink rollup patch that includes:

PLINK-738
BZ-1353333

Comment 2 dhorton 2016-08-05 18:49:18 UTC
Description of problem for BZ-1353333:

PicketLink does not return SessionIndex in LogoutRequest.

To reproduce:

- deploy idp.war and employee.war
- go to http://localhost:8080/employee
- login
- click logout link when redirected back to the employee app
- view the SAML logout request
  - there should be a SessionIndex

Comment 3 dhorton 2016-08-05 18:50:11 UTC
Description of problem for BZ-1362295 (PLINK-738):


When the "LogOutResponseLocation" is configured, the SAML2LogoutHandler correctly uses this value as the Destination when the SP generates  a LogoutResponse.  However, the LogOutResponseLocation" is not getting used during the HTTP POST so that LogoutResponse is getting sent to the wrong IDP url.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Configure and deploy an idp, sales-post and employee applications
2.  Configure the "LogOutResponseLocation" in the employee.war/picketlink.xml
3.  Log into the sales-post application
4.  Hit the employee application
5.  Click on the GLO logout link in the sales-post



Expected results:

The employee.war should generate a LogoutResponse that has a "Destination" that matches the "LogOutResponseLocation".  This LogoutResponse should be sent to the same url that is specified in the LogOutResponseLocation". 


Actual results:

The LogoutResponse is not sent to the same url that is specified in the LogOutResponseLocation.

Comment 4 dhorton 2016-08-05 18:58:10 UTC
Created attachment 1188002 [details]
BZ1362295.zip

Comment 6 hsvabek 2016-08-10 08:55:21 UTC
- regression testing: OK
- patch format, instructions and (un)expected changes: OK
- reproduce the fix: OK

md5sum
9794f856c605032597fb5cb3e2df2429  BZ1362295.zip


Note You need to log in before you can comment on or make changes to this bug.