In previous versions of JBoss EAP 6, users logging out of a secured administration console (over HTTPS) would be incorrectly redirected to standard HTTP addresses and the logout would fail.
This was because the redirects were hardcoded to use HTTP addresses.
In this release of the product, the redirects have been updated to take into account if the user is accessing the interface over HTTP or HTTPS and redirect appropriately.
Description of problem:
Logging out of an admin console secured with SSL (on port 9443) redirects to http address (e.g. http://localhost:9443/logout?logout) which leads to a Page Not Found error.
Version-Release number of selected component (if applicable):
EAP 6.2-beta (and 6.1.1)
Steps to Reproduce:
1. Setup HTTPS for admin console (I uesd the standalone instructions at https://access.redhat.com/site/solutions/229963)
2. Login to admin console (e.g. https://localhost:9443/console)
3. Click logout button and see address bar go to http address.
Page Not Foun
Logout without error. Not sure that you can logout with basic auth, but at least there shouldn't be the wrong page.
Darran Lofthouse <firstname.lastname@example.org> updated the status of jira WFLY-2498 to Coding In Progress
Verification on EAP 6.3.0.DR0 failed. The behavior is the same as in comment #1
Source code for 6.3.0.DR0 doesn't contain fix for this issue : https://github.com/jbossas/jboss-eap/pull/748
Seems I had not merged this anyway. Merged now
Verification on EAP 6.3.0.DR1 failed. This is already merged in 6.x branch, but it didn't get into DR1. I will verify it in DR2.
Verified on EAP 6.3.0.DR2