#88 400 error is thrown when performing a logout without a session
Closed: Fixed None Opened 5 years ago by nkinder.

While participating in the Fedora test day of Ipsilon, I encountered an issue with a 400 error when performing logout without an active session. To reproduce:

  • Access a protected page on the SP (with no active session)
  • Log into the IdP when redirected
  • Bring up a second brower tab and directly access the IdP
  • Click "logout" on the IdP to kill the session
  • Return to the browser tab with the SP and click logout (you will need to configure the SP for logout)

The browser will be redirected to the IdP to perform SLO, but you will receive a 400 "Bad Request" page since there is no longer an active session with the IdP. We should just ignore the fact that there is no session and return to the SP.


Fields changed

milestone: => 1.0
owner: => rcritten

Fields changed

design_link: =>
status: new => accepted

Fields changed

patch_available: 0 => 1

master: 83ac397

resolution: => fixed
status: accepted => closed

Fields changed

rhbz: => 0

Metadata Update from @nkinder:
- Issue assigned to rcritten
- Issue set to the milestone: 1.0 m4

3 years ago

Login to comment on this ticket.

Metadata