infinite redirect loop after log out

Tagged: ,

This topic has 3 replies, 3 voices, and was last updated 4 years, 10 months ago by naeemjmi.

  • Author
    Posts
  • #14207
     soma
    Participant

    Hi,

    I still have this issue (Session Termination issue) and I do not know how to solve it. Hope you will help me.

    My scenario is easy:
    1) Login via XUI login page
    2) Open a role protected page in a new tab of the web browser (/hello/private/index.jsp), content is displayed properly
    3) Go back to the XUI login page and logout
    4) Navigate to the root url of my application ((/hello)
    5) I get a infinite redirect loop (“The page isn’t redirecting properly”)

    The index page (/hello) is on the Not Enforced URIs list. I can open it without any authentication.

    Environment:
    OpenAM 13 runs on Tomcat
    3.5.0 J2EE agent for Tomcat, agent filter mode: J2EE_POLICY
    Login Form URI: /hello/authentication/login.jsp
    Access Denied URI: [hello]=/hello/authentication/access-denied.jsp
    Not Enforced URIs: configured properly

    Web application:
    Declarative security is used for role protected content in my web application.

    OpenAM log file is here

    As you can see there is a suspicious exception in the OpenAM log:

    
    ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
    java.lang.NullPointerException
    	at com.iplanet.dpro.session.SessionID.hashCode(SessionID.java:334)
    	at java.util.Hashtable.get(Hashtable.java:363)
    	at com.iplanet.dpro.session.Session.readSession(Session.java:2178)
    	at com.iplanet.dpro.session.Session.removeSID(Session.java:1042)
    	at com.sun.identity.agents.filter.LogoutHelper.removeSSOToken(LogoutHelper.java:174)
    	at com.sun.identity.agents.filter.LogoutHelper.doLogout(LogoutHelper.java:63)
    	at com.sun.identity.agents.filter.NotenforcedListTaskHandler.process(NotenforcedListTaskHandler.java:144)
    	at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:194)
    	at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:157)
    	at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:70)
    ...

    Could you please help me?

    #14209
     Rogerio Rondini
    Participant

    Hi

    That is a weird thing..

    Anyway, did you enable the “Reset Cookie” option in the Agent Profile in the tab SSO ?

    Cookie Reset
    Cookie Reset:
    Enabled
    Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)
    Hot-swap: Yes

    #14214
     soma
    Participant

    Hi,
    Thank you for the reply.
    I tried that before but unfortunately it did not help :(

    #15086
     naeemjmi
    Participant

    it might be due to domain name change issue.your agent URL and Openam url domain should be same.
    For eg:openam url- http://www.openam.example.com
    Agent Url – http://www.agent.example.com

    this will share the same cookie as their domain .example.com is same.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?