Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/10/09 11:57:00 UTC

[jira] [Closed] (FEDIZ-220) http 400 when logout with redirect to constraint

     [ https://issues.apache.org/jira/browse/FEDIZ-220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed FEDIZ-220.
-------------------------------------

> http 400 when logout with redirect to constraint
> ------------------------------------------------
>
>                 Key: FEDIZ-220
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-220
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.3
>            Reporter: Arnaud MERGEY
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 1.4.5
>
>
> I would like to redirect to a page after logout from a SAML authentication with the Tomcat plugin.
> I have added this in my fediz_config.xml 
>  
> {code:java}
> <logoutRedirectToConstraint type="String">.*logout.do.*</logoutRedirectToConstraint>
> {code}
>  
> Then when I log out, instead of being redirected as expected I get an HTTP 400 because the redirect URL (/mycontext/logout.do?display=2) is URL-encoded and becomes invalid (because of / and ?).
> I looked in the code and it seems to me the issue is here 
> org.apache.cxf.fediz.core.handler.LogoutHandler.signoutCleanup(HttpServletRequest request, HttpServletResponse response) 
> line 114 
> {code:java}
> response.sendRedirect(URLEncoder.encode(wreply, "UTF-8"));
> {code}
> should be replaced with
> {code:java}
> response.sendRedirect(response.encodeRedirectURL(wreply));
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
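
The encoding problem described in the report, reproduced outside a servlet container as an added example (not Fediz code, and not the fix that was committed): form-encoding the whole `wreply` value escapes `/` and `?`, so the result no longer parses as a path plus query. The class and helper names, the `PINNED` pattern, the `other.example` value and the use of a whole-string regex match are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.util.regex.Pattern;

public class LogoutRedirectDemo {
    // Values from the report: the configured constraint and the wreply target.
    static final Pattern REPORTED = Pattern.compile(".*logout.do.*");
    static final String WREPLY = "/mycontext/logout.do?display=2";
    // Assumption: a stricter constraint pinned to one local path (not from the report).
    static final Pattern PINNED = Pattern.compile("/mycontext/logout\\.do(\\?.*)?");

    // What line 114 hands to sendRedirect(): form encoding applied to the whole URL.
    static String formEncoded(String wreply) throws Exception {
        return URLEncoder.encode(wreply, "UTF-8");
    }

    // True when the value still parses as an absolute path followed by a query string.
    static boolean isPathWithQuery(String target) {
        URI uri = URI.create(target);
        String path = uri.getRawPath(); // raw form: escapes are not decoded
        return path != null && path.startsWith("/") && uri.getRawQuery() != null;
    }

    // Constraint check on the raw, unencoded wreply; the whole value must match
    // (assumption about how the constraint is applied).
    static boolean allowed(Pattern constraint, String wreply) {
        return wreply != null && constraint.matcher(wreply).matches();
    }

    public static void main(String[] args) throws Exception {
        String encoded = formEncoded(WREPLY);
        System.out.println(WREPLY + " -> path+query: " + isPathWithQuery(WREPLY));
        System.out.println(encoded + " -> path+query: " + isPathWithQuery(encoded));
        // Constructed sample: an off-site value that merely contains "logout.do".
        String offSite = "https://other.example/logout.do";
        for (Pattern p : new Pattern[] {REPORTED, PINNED}) {
            System.out.println(p + " allows local=" + allowed(p, WREPLY)
                    + " off-site=" + allowed(p, offSite));
        }
    }
}
```

Because the redirect target is sent without escaping once the encoding call is removed, the constraint pattern is the only check on where the browser is sent after logout, so it is worth pinning it to the exact local path.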