Description of problem: PicketLink rollup patch that includes: PLINK-738 BZ-1353333
Description of problem for BZ-1353333: PicketLink does not return SessionIndex in LogoutRequest. To reproduce: - deploy idp.war and employee.war - go to http://localhost:8080/employee - login - click logout link when redirected back to the employee app - view the SAML logout request - there should be a SessionIndex
Description of problem for BZ-1362295 (PLINK-738): When the "LogOutResponseLocation" is configured, the SAML2LogoutHandler correctly uses this value as the Destination when the SP generates a LogoutResponse. However, the LogOutResponseLocation" is not getting used during the HTTP POST so that LogoutResponse is getting sent to the wrong IDP url. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Configure and deploy an idp, sales-post and employee applications 2. Configure the "LogOutResponseLocation" in the employee.war/picketlink.xml 3. Log into the sales-post application 4. Hit the employee application 5. Click on the GLO logout link in the sales-post Expected results: The employee.war should generate a LogoutResponse that has a "Destination" that matches the "LogOutResponseLocation". This LogoutResponse should be sent to the same url that is specified in the LogOutResponseLocation". Actual results: The LogoutResponse is not sent to the same url that is specified in the LogOutResponseLocation.
Created attachment 1188002 [details] BZ1362295.zip
- regression testing: OK - patch format, instructions and (un)expected changes: OK - reproduce the fix: OK md5sum 9794f856c605032597fb5cb3e2df2429 BZ1362295.zip
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.