You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/07 12:13:17 UTC
[1/6] cxf-fediz git commit: Adding another logout test
Repository: cxf-fediz
Updated Branches:
refs/heads/master 0b04bdd50 -> 799bfa5a7
Adding another logout test
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/708de3a8
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/708de3a8
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/708de3a8
Branch: refs/heads/master
Commit: 708de3a81bf8df1b9027c5c2323e85ac56e75530
Parents: 0b04bdd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Dec 6 17:30:18 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Dec 6 17:30:18 2016 +0000
----------------------------------------------------------------------
.../fediz/integrationtests/AbstractTests.java | 55 ++++++++++++++++----
1 file changed, 46 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/708de3a8/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 547115e..79749dd 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -387,21 +387,62 @@ public abstract class AbstractTests {
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
- String rpUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
- + "/secure/fedservlet";
// webClient.close();
webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
- final HtmlPage idpPage = webClient.getPage(rpUrl);
+ final HtmlPage idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
// webClient.close();
}
+
+ @Test
+ public void testRPLogoutViaAction() throws Exception {
+
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/secure/fedservlet";
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ // 1. Login
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+
+ // 2. Now we should have a cookie from the RP and IdP and should be able to do
+ // subsequent requests without authenticate again. Lets test this first.
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ final HtmlPage rpPage = webClient.getPage(url);
+ Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
+ || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
+ // 3. now we logout from RP
+ String rpLogoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "?wa=" + FederationConstants.ACTION_SIGNOUT;
+
+ HTTPTestUtils.logout(rpLogoutUrl, cookieManager);
+
+ // 4. now we try to access the RP and idp without authentication but with the existing cookies
+ // to see if we are really logged out
+
+ // webClient.close();
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ final HtmlPage idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ // webClient.close();
+ }
+
@Test
public void testIdPLogout() throws Exception {
@@ -432,15 +473,13 @@ public abstract class AbstractTests {
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
- String rpUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
- + "/secure/fedservlet";
// webClient.close();
webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
- final HtmlPage idpPage = webClient.getPage(rpUrl);
+ final HtmlPage idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
@@ -477,15 +516,13 @@ public abstract class AbstractTests {
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
- String rpUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
- + "/secure/fedservlet";
// webClient.close();
webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
- final HtmlPage idpPage = webClient.getPage(rpUrl);
+ final HtmlPage idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
[6/6] cxf-fediz git commit: Fixing logout tests
Posted by co...@apache.org.
Fixing logout tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/799bfa5a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/799bfa5a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/799bfa5a
Branch: refs/heads/master
Commit: 799bfa5a7f0f84038a54d9df17f474a07b57e9f3
Parents: dba87be
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 7 11:53:03 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 7 11:53:03 2016 +0000
----------------------------------------------------------------------
.../java/org/apache/cxf/fediz/integrationtests/AbstractTests.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/799bfa5a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 79749dd..e2a7ebc 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -424,7 +424,7 @@ public abstract class AbstractTests {
// 3. now we logout from RP
String rpLogoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
- + "?wa=" + FederationConstants.ACTION_SIGNOUT;
+ + "/secure/fedservlet?wa=" + FederationConstants.ACTION_SIGNOUT;
HTTPTestUtils.logout(rpLogoutUrl, cookieManager);
[5/6] cxf-fediz git commit: Fixing Jetty plugins
Posted by co...@apache.org.
Fixing Jetty plugins
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/dba87be3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/dba87be3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/dba87be3
Branch: refs/heads/master
Commit: dba87be392cf25381d376bdca09a9f1ff8ba974a
Parents: 2d903b5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 7 11:33:39 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 7 11:33:39 2016 +0000
----------------------------------------------------------------------
.../org/apache/cxf/fediz/jetty8/FederationAuthenticator.java | 5 +++--
.../org/apache/cxf/fediz/jetty9/FederationAuthenticator.java | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/dba87be3/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index 3206871..dfeab1d 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -277,7 +277,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
inputStream.close();
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
- } else if (action != null) {
+ } else if (!FederationConstants.ACTION_SIGNOUT.equals(action) && action != null) {
LOG.warn("Not supported action found in parameter wa: " + action);
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return Authentication.UNAUTHENTICATED;
@@ -295,8 +295,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
else
{
//logout
+ boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
- if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
+ if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
FedizProcessor wfProc =
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/dba87be3/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
index a08754b..7205e44 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
@@ -276,7 +276,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
inputStream.close();
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
- } else if (action != null) {
+ } else if (!FederationConstants.ACTION_SIGNOUT.equals(action) && action != null) {
LOG.warn("Not supported action found in parameter wa: " + action);
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return Authentication.UNAUTHENTICATED;
@@ -294,8 +294,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
else
{
//logout
+ boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
- if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
+ if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
FedizProcessor wfProc =
[4/6] cxf-fediz git commit: Fixing Logout via action for the Spring
plugin
Posted by co...@apache.org.
Fixing Logout via action for the Spring plugin
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2d903b53
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2d903b53
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2d903b53
Branch: refs/heads/master
Commit: 2d903b530a3c8b005a0fad91a85cc26d1d46aa11
Parents: 34713e3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 7 10:50:41 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 7 10:50:41 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/fediz/spring/web/FederationLogoutFilter.java | 7 +++++++
.../org/apache/cxf/fediz/integrationtests/Spring2Test.java | 8 ++++++++
2 files changed, 15 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2d903b53/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
index f8f3f3a..e0356a9 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.spring.FederationConfig;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.security.web.authentication.logout.LogoutFilter;
@@ -44,6 +45,12 @@ public class FederationLogoutFilter extends LogoutFilter {
@Override
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
+ String wa = request.getParameter(FederationConstants.PARAM_ACTION);
+ if (FederationConstants.ACTION_SIGNOUT.equals(wa) || FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
+ // Default WS-Federation logout action
+ return true;
+ }
+
if (this.logoutUrl == null) {
String contextName = request.getContextPath();
if (contextName == null || contextName.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2d903b53/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
index d9e77ab..f9754ba 100644
--- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
@@ -184,6 +184,13 @@ public class Spring2Test extends AbstractTests {
}
+ @Test
+ @Ignore("Logout not supported with Spring2")
+ @Override
+ public void testRPLogoutViaAction() throws Exception {
+
+ }
+
@Override
@Test
public void testAliceModifiedSignature() throws Exception {
@@ -242,4 +249,5 @@ public class Spring2Test extends AbstractTests {
public void testEntityExpansionAttack() throws Exception {
}
+
}
[3/6] cxf-fediz git commit: Support logging out via WS-Federation for
the CXF plugin
Posted by co...@apache.org.
Support logging out via WS-Federation for the CXF plugin
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/34713e37
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/34713e37
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/34713e37
Branch: refs/heads/master
Commit: 34713e3717689d4ea2a29ab54b65cd27d94558af
Parents: d938eea
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Dec 6 17:59:23 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Dec 6 17:59:23 2016 +0000
----------------------------------------------------------------------
.../cxf/plugin/FedizRedirectBindingFilter.java | 73 +++++++++++---------
1 file changed, 41 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/34713e37/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index 832d7bb..b7e9d7a 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -90,11 +90,6 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
return;
}
- // See if it is a Logout request
- if (isLogoutRequest(context, m, fedConfig)) {
- return;
- }
-
String httpMethod = context.getMethod();
MultivaluedMap<String, String> params = null;
@@ -110,6 +105,11 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
+ // See if it is a Logout request
+ if (isLogoutRequest(context, m, fedConfig, params)) {
+ return;
+ }
+
if (isSignoutCleanupRequest(fedConfig, m, params)) {
return;
} else if (checkSecurityContext(fedConfig, m)) {
@@ -289,39 +289,48 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
}
private boolean isLogoutRequest(ContainerRequestContext context, Message message,
- FedizContext fedConfig) {
- //logout
+ FedizContext fedConfig, MultivaluedMap<String, String> params) {
+
+ boolean signout = false;
String logoutUrl = fedConfig.getLogoutURL();
- if (logoutUrl != null && !logoutUrl.isEmpty()) {
+ if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
+ && FederationConstants.ACTION_SIGNOUT.equals(
+ params.getFirst(FederationConstants.PARAM_ACTION))) {
+ signout = true;
+ } else if (logoutUrl != null && !logoutUrl.isEmpty()) {
String requestPath = "/" + context.getUriInfo().getPath();
if (requestPath.equals(logoutUrl) || requestPath.equals(logoutUrl + "/")) {
- cleanupContext(message);
-
- try {
- FedizProcessor processor =
- FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-
- HttpServletRequest request = messageContext.getHttpServletRequest();
- RedirectionResponse redirectionResponse =
- processor.createSignOutRequest(request, null, fedConfig); //TODO
- String redirectURL = redirectionResponse.getRedirectionURL();
- if (redirectURL != null) {
- ResponseBuilder response = Response.seeOther(new URI(redirectURL));
- Map<String, String> headers = redirectionResponse.getHeaders();
- if (!headers.isEmpty()) {
- for (Entry<String, String> entry : headers.entrySet()) {
- response.header(entry.getKey(), entry.getValue());
- }
+ signout = true;
+ }
+ }
+
+ if (signout) {
+ cleanupContext(message);
+
+ try {
+ FedizProcessor processor =
+ FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+
+ HttpServletRequest request = messageContext.getHttpServletRequest();
+ RedirectionResponse redirectionResponse =
+ processor.createSignOutRequest(request, null, fedConfig); //TODO
+ String redirectURL = redirectionResponse.getRedirectionURL();
+ if (redirectURL != null) {
+ ResponseBuilder response = Response.seeOther(new URI(redirectURL));
+ Map<String, String> headers = redirectionResponse.getHeaders();
+ if (!headers.isEmpty()) {
+ for (Entry<String, String> entry : headers.entrySet()) {
+ response.header(entry.getKey(), entry.getValue());
}
-
- context.abortWith(response.build());
-
- return true;
}
- } catch (Exception ex) {
- LOG.debug(ex.getMessage(), ex);
- throw ExceptionUtils.toInternalServerErrorException(ex, null);
+
+ context.abortWith(response.build());
+
+ return true;
}
+ } catch (Exception ex) {
+ LOG.debug(ex.getMessage(), ex);
+ throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
}
[2/6] cxf-fediz git commit: Fixing Logout bug
Posted by co...@apache.org.
Fixing Logout bug
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d938eea1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d938eea1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d938eea1
Branch: refs/heads/master
Commit: d938eea1876980d68251f6d07b5ab94f8cdd5121
Parents: 708de3a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Dec 6 17:34:09 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Dec 6 17:34:09 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/fediz/core/processor/FederationProcessorImpl.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d938eea1/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index f874044..b82777b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -500,7 +500,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNOUT);
String logoutRedirectTo = request.getParameter(FederationConstants.PARAM_REPLY);
- if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
+ if (logoutRedirectTo == null || logoutRedirectTo.isEmpty()) {
logoutRedirectTo = config.getLogoutRedirectTo();
}
if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {