Posted to issues@cxf.apache.org by "Arnaud MERGEY (JIRA)" <ji...@apache.org> on 2018/07/03 16:56:00 UTC
[jira] [Created] (FEDIZ-220) http 400 when logout with redirect to constraint
Arnaud MERGEY created FEDIZ-220:
-----------------------------------
Summary: http 400 when logout with redirect to constraint
Key: FEDIZ-220
URL: https://issues.apache.org/jira/browse/FEDIZ-220
Project: CXF-Fediz
Issue Type: Bug
Components: Plugin
Affects Versions: 1.4.3
Reporter: Arnaud MERGEY
I would like to redirect to a page after logout from a SAML authentication with the Tomcat plugin.
I have added this to my fediz_config.xml:
{code:java}
<logoutRedirectToConstraint type="String">.*logout.do.*</logoutRedirectToConstraint>
{code}
Then when I log out, instead of being redirected as expected I get an HTTP 400 because the redirect URL (/mycontext/logout.do?display=2) is URL-encoded and becomes invalid (because of / and ?).
I looked in the code and it seems to me the issue is here
org.apache.cxf.fediz.core.handler.LogoutHandler.signoutCleanup(HttpServletRequest request, HttpServletResponse response)
line 114
{code:java}
response.sendRedirect(URLEncoder.encode(wreply, "UTF-8"));
{code}
should be replaced with
{code:java}
response.sendRedirect(response.encodeRedirectURL(wreply));
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
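The effect described in the report, as an added example that is not part of the original message or of the Fediz code base: it percent-encodes the reported wreply as a whole, resolves the result the way a relative `Location` value is resolved, and compares that with the unencoded target. The class name, the request URL and the use of a full regex match for the constraint are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.util.regex.Pattern;

public class LogoutRedirectDemo {
    // Constraint and redirect target as quoted in the report.
    static final Pattern CONSTRAINT = Pattern.compile(".*logout.do.*");
    static final String WREPLY = "/mycontext/logout.do?display=2";

    // Resolve a Location value against the URL of the request that produced it.
    static String resolve(String requestUrl, String location) {
        return URI.create(requestUrl).resolve(location).toString();
    }

    // Assumption: the constraint must match the whole wreply value.
    static boolean allowed(String wreply) {
        return CONSTRAINT.matcher(wreply).matches();
    }

    public static void main(String[] args) throws Exception {
        // Constructed request URL; host and path are placeholders.
        String request = "https://sp.example.test/mycontext/secure/index.do";

        // URLEncoder is form encoding for a single parameter value. Applied to
        // a whole URL it also escapes the '/' and '?' that give it structure.
        String encoded = URLEncoder.encode(WREPLY, "UTF-8");

        System.out.println("constraint matches wreply : " + allowed(WREPLY));
        System.out.println("whole-URL encoded         : " + encoded);
        // With no leading '/', the encoded value is one relative path segment
        // appended to the current directory, with no query string left.
        System.out.println("encoded target resolves to: " + resolve(request, encoded));
        System.out.println("raw target resolves to    : " + resolve(request, WREPLY));

        // Where URLEncoder does belong: one query parameter value.
        // The value "2 & more" is constructed for illustration.
        String withParam = "/mycontext/logout.do?display="
                + URLEncoder.encode("2 & more", "UTF-8");
        System.out.println("value-only encoding       : " + resolve(request, withParam));
    }
}
```

`HttpServletResponse.encodeRedirectURL` does not percent-encode anything: it appends the session ID through URL rewriting when that is needed and otherwise returns the URL unchanged, so the check against the constraint remains the control that limits where a logout can redirect.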