Created attachment 874407 [details] sp When using Domain Chooser in SP then during logout from SP (handled by org.picketlink.identity.federation.bindings.tomcat.sp.AccountChooserValve) java.lang.IllegalStateException is thrown: Stacktrace: 13:09:54,255 ERROR [org.apache.catalina.connector] (http-/127.0.0.1:8080-19) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.IllegalStateException: JBWEB000043: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:2647) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.catalina.connector.Request.getSessionInternal(Request.java:2531) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractAccountChooserValve.proceedToAuthentication(AbstractAccountChooserValve.java:197) [picketlink-jbas7-2.5.3.SP1.jar:2.5.3.SP1] at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractAccountChooserValve.invoke(AbstractAccountChooserValve.java:167) [picketlink-jbas7-2.5.3.SP1.jar:2.5.3.SP1] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.0.Final-redhat-4.jar:7.4.0.Final-redhat-4] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:353) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_17] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_17] at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17] Steps to reproduce: 1) Start standalone server and add needed security domains via CLI commands: /subsystem=security/security-domain=idp:add(cache-type=default) /subsystem=security/security-domain=idp/authentication=classic:add /subsystem=security/security-domain=idp/authentication=classic/login-module=UsersRoles:add(code=UsersRoles, flag=required, module-options=[("usersProperties"=>"users.properties"), ("rolesProperties"=>"roles.properties")]) /subsystem=security/security-domain=sp:add(cache-type=default) /subsystem=security/security-domain=sp/authentication=classic:add /subsystem=security/security-domain=sp/authentication=classic/login-module=org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule:add(code=org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule, flag=required) 2) Deploy sp.war and idp.war 3) Hit http://localhost:8080/sp and choose DomainA. It redirect you to IDP then authenticate yourself with tomcat/tomcat. SP page is shown. Click logout for logout. Exception will be thrown in server log.
Created attachment 874408 [details] idp
Verified on EAP 6.3.0.ER2.