Back to bug 1029687
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chris Dolphy | 2013-11-13 00:33:27 UTC | Link ID | JBoss Issue Tracker WFLY-2498 | |
| Darran Lofthouse | 2013-11-20 13:18:03 UTC | CC | darran.lofthouse | |
| Kunjan Rathod | 2013-12-12 09:57:28 UTC | CC | krathod | |
| Eric Rich | 2013-12-13 12:49:43 UTC | Priority | unspecified | urgent |
| | | CC | erich | |
| | | Severity | unspecified | urgent |
| ania | 2013-12-30 16:10:34 UTC | CC | ahoness, hbraun | |
| | | Flags | needinfo?(hbraun) | |
| Darran Lofthouse | 2014-01-03 19:24:22 UTC | Status | NEW | POST |
| | | Assignee | hbraun | darran.lofthouse |
| | | Target Milestone | --- | Pending |
| | | Flags | needinfo?(hbraun) | |
| Brad Maxwell | 2014-01-09 19:31:36 UTC | Target Release | --- | EAP 6.3.0 |
| | | CC | bmaxwell | |
| Brad Maxwell | 2014-01-09 19:34:07 UTC | Blocks | 1051171 | |
| mark yarborough | 2014-01-10 11:21:00 UTC | CC | myarboro | |
| | | Summary | Logout of secured (ssl) admin console setup redirects to http address | [GSS] (6.3) Logout of secured (ssl) admin console setup redirects to http address |
| Kabir Khan | 2014-01-10 20:31:33 UTC | Status | POST | MODIFIED |
| | | CC | kkhan | |
| | | Target Milestone | Pending | DR0 |
| Paul Gier | 2014-02-11 23:54:11 UTC | Status | MODIFIED | ON_QA |
| FIlip Bogyai | 2014-02-24 14:00:58 UTC | Status | ON_QA | ASSIGNED |
| | | CC | fbogyai | |
| Kabir Khan | 2014-02-25 09:40:42 UTC | Status | ASSIGNED | MODIFIED |
| | | Target Milestone | DR0 | DR1 |
| Paul Gier | 2014-02-25 22:13:37 UTC | Status | MODIFIED | ON_QA |
| FIlip Bogyai | 2014-02-26 09:55:41 UTC | Status | ON_QA | MODIFIED |
| | | Target Milestone | DR1 | DR2 |
| Paul Gier | 2014-03-05 23:10:42 UTC | Status | MODIFIED | ON_QA |
| FIlip Bogyai | 2014-03-06 09:51:10 UTC | Status | ON_QA | VERIFIED |
| Darran Lofthouse | 2014-06-03 08:40:36 UTC | Doc Text | Cause: As the management console makes use of standard HTTP authentication mechanisms we have needed to implement a custom approach to cause web browsers to forget any cached credentials when required by a user to simulate a logout, this involves a couple of HTTP calls involving redirects - these redirects were hard coded to use http addresses. Consequence: If the management interface is being accessed over https the user gets redirected to http on logout and the simulated logout failed. Fix: For the redirects we now take into account if the user is accessing the interface over http or https and redirect accordingly. Result: Logouts now use the correct address, either http or https as required. | |
| Scott Mumford | 2014-06-04 01:47:49 UTC | CC | smumford | |
| | | Doc Text | Cause: As the management console makes use of standard HTTP authentication mechanisms we have needed to implement a custom approach to cause web browsers to forget any cached credentials when required by a user to simulate a logout, this involves a couple of HTTP calls involving redirects - these redirects were hard coded to use http addresses. Consequence: If the management interface is being accessed over https the user gets redirected to http on logout and the simulated logout failed. Fix: For the redirects we now take into account if the user is accessing the interface over http or https and redirect accordingly. Result: Logouts now use the correct address, either http or https as required. | In previous versions of JBoss EAP 6, users logging out of a secured administration console (over HTTPS) would be incorrectly redirected to standard HTTP addresses and the logout would fail. This was because the redirects were hardcoded to use HTTP addresses. In this release of the product, the redirects have been updated to take into account if the user is accessing the interface over HTTP or HTTPS and redirect appropriately. |
| mark yarborough | 2014-06-28 15:28:22 UTC | Status | VERIFIED | CLOSED |
| | | Resolution | --- | CURRENTRELEASE |
| | | Last Closed | 2014-06-28 11:28:22 UTC | |
| John Skeoch | 2015-02-01 23:00:48 UTC | CC | jkudrnac | |