Bug 1362295 - [GSS] (6.4.8 patch) PicketLink rollup patch - BZ-1362293, BZ-1353333
Summary: [GSS] (6.4.8 patch) PicketLink rollup patch - BZ-1362293, BZ-1353333
Keywords:
Status: VERIFIED
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: dhorton
QA Contact: Pavel Slavicek
URL:
Whiteboard:
Depends On: 1353333 1353338 1362293
Blocks:
Reported: 2016-08-01 21:10 UTC by dhorton
Modified: 2019-11-14 08:51 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
To apply this individual patch, follow the steps outlined in "How do I apply individual or cumulative patches in JBoss EAP 6.2 and beyond?" [1]. To roll back this individual patch if installation has unexpected consequences, follow the steps outlined in "How do I rollback individual or cumulative patches in JBoss EAP 6.2 and beyond?" [2].
[1] https://access.redhat.com/site/solutions/625683
[2] https://access.redhat.com/site/solutions/639403
Clone Of:
Environment:
Last Closed:
Type: Support Patch
Embargoed:


Attachments
BZ1362295.zip (1001.70 KB, application/zip)
2016-08-05 18:58 UTC, dhorton

Description dhorton 2016-08-01 21:10:35 UTC
Description of problem:

PicketLink rollup patch that includes:

PLINK-738
BZ-1353333

Comment 2 dhorton 2016-08-05 18:49:18 UTC
Description of problem for BZ-1353333:

PicketLink does not return SessionIndex in LogoutRequest.

To reproduce:

- deploy idp.war and employee.war
- go to http://localhost:8080/employee
- login
- click logout link when redirected back to the employee app
- view the SAML logout request
  - there should be a SessionIndex

Comment 3 dhorton 2016-08-05 18:50:11 UTC
Description of problem for BZ-1362295 (PLINK-738):


When the "LogOutResponseLocation" is configured, the SAML2LogoutHandler correctly uses this value as the Destination when the SP generates a LogoutResponse. However, the "LogOutResponseLocation" is not getting used during the HTTP POST, so the LogoutResponse is getting sent to the wrong IDP url.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure and deploy an idp, sales-post and employee applications
2. Configure the "LogOutResponseLocation" in the employee.war/picketlink.xml
3. Log into the sales-post application
4. Hit the employee application
5. Click on the GLO logout link in the sales-post



Expected results:

The employee.war should generate a LogoutResponse that has a "Destination" that matches the "LogOutResponseLocation". This LogoutResponse should be sent to the same url that is specified in the "LogOutResponseLocation".


Actual results:

The LogoutResponse is not sent to the same url that is specified in the LogOutResponseLocation.
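
The two conditions described in comments 2 and 3 can be checked on captured SAMLRequest/SAMLResponse form fields from the HTTP-POST binding. The following is an added example, not part of this bug report or of PicketLink; the function names, the IdP URLs and the sample messages are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def decode_post_field(value):
    """Decode a SAMLRequest/SAMLResponse form field (HTTP-POST binding is plain base64)."""
    raw = base64.b64decode(value)
    if b"<!DOCTYPE" in raw:  # a SAML message has no DTD; refuse it before parsing
        raise ValueError("DOCTYPE not allowed in a SAML message")
    return ET.fromstring(raw)

def check_logout_request(root):
    """BZ-1353333: the LogoutRequest is expected to carry a SessionIndex."""
    if root.tag != SAMLP + "LogoutRequest":
        return ["not a LogoutRequest: " + root.tag]
    indexes = [e.text.strip() for e in root.findall(SAMLP + "SessionIndex")
               if e.text and e.text.strip()]
    return [] if indexes else ["LogoutRequest has no SessionIndex"]

def check_logout_response(root, post_url, configured_location):
    """PLINK-738: Destination and the POST target must both equal LogOutResponseLocation."""
    if root.tag != SAMLP + "LogoutResponse":
        return ["not a LogoutResponse: " + root.tag]
    findings = []
    destination = root.get("Destination")
    if destination != configured_location:
        findings.append(f"Destination {destination!r} != LogOutResponseLocation")
    if post_url != configured_location:
        findings.append(f"POSTed to {post_url!r}, not LogOutResponseLocation")
    return findings

def b64(xml):
    return base64.b64encode(xml.encode()).decode()

# Constructed sample data; the IdP URLs below are assumptions, not values from the bug.
NS = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
SLO_URL = "http://localhost:8080/idp/slo"
REQ_MISSING = b64(f'<samlp:LogoutRequest {NS} ID="_r1" Version="2.0"/>')
REQ_OK = b64(f'<samlp:LogoutRequest {NS} ID="_r2" Version="2.0">'
             '<samlp:SessionIndex>_constructed-session-1</samlp:SessionIndex>'
             '</samlp:LogoutRequest>')
RESP = b64(f'<samlp:LogoutResponse {NS} ID="_r3" Version="2.0" Destination="{SLO_URL}"/>')

if __name__ == "__main__":
    print(check_logout_request(decode_post_field(REQ_MISSING)))
    print(check_logout_request(decode_post_field(REQ_OK)))
    print(check_logout_response(decode_post_field(RESP), "http://localhost:8080/idp/", SLO_URL))
```

An empty list means the message matches the expected results stated in the comments above; the third call reproduces the PLINK-738 symptom, where Destination is correct but the POST goes elsewhere.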

Comment 4 dhorton 2016-08-05 18:58:10 UTC
Created attachment 1188002
BZ1362295.zip

Comment 6 hsvabek 2016-08-10 08:55:21 UTC
- regression testing: OK
- patch format, instructions and (un)expected changes: OK
- reproduce the fix: OK

md5sum
9794f856c605032597fb5cb3e2df2429  BZ1362295.zip

