infinite redirect loop after log out

Home Forums ForgeRock Products Access Management infinite redirect loop after log out

Learn more about our upcoming Identity Summits

Tagged: ,

This topic has 3 replies, 3 voices, and was last updated 5 years, 7 months ago by naeemjmi.

  • Author
    Posts
  • November 10, 2016 at 8:24 pm #14207
     soma
    Participant

    Hi,

    I still have this issue (Session Termination issue) and I do not know how to solve it. Hope you will help me.

    My scenario is easy:
    1) Login via XUI login page
    2) Open a role protected page in a new tab of the web browser (/hello/private/index.jsp), content is displayed properly
    3) Go back to the XUI login page and logout
    4) Navigate to the root url of my application ((/hello)
    5) I get a infinite redirect loop (“The page isn’t redirecting properly”)

    The index page (/hello) is on the Not Enforced URIs list. I can open it without any authentication.

    Environment:
    OpenAM 13 runs on Tomcat
    3.5.0 J2EE agent for Tomcat, agent filter mode: J2EE_POLICY
    Login Form URI: /hello/authentication/login.jsp
    Access Denied URI: [hello]=/hello/authentication/access-denied.jsp
    Not Enforced URIs: configured properly

    Web application:
    Declarative security is used for role protected content in my web application.

    OpenAM log file is here

    As you can see there is a suspicious exception in the OpenAM log:

    
ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
java.lang.NullPointerException
	at com.iplanet.dpro.session.SessionID.hashCode(SessionID.java:334)
	at java.util.Hashtable.get(Hashtable.java:363)
	at com.iplanet.dpro.session.Session.readSession(Session.java:2178)
	at com.iplanet.dpro.session.Session.removeSID(Session.java:1042)
	at com.sun.identity.agents.filter.LogoutHelper.removeSSOToken(LogoutHelper.java:174)
	at com.sun.identity.agents.filter.LogoutHelper.doLogout(LogoutHelper.java:63)
	at com.sun.identity.agents.filter.NotenforcedListTaskHandler.process(NotenforcedListTaskHandler.java:144)
	at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:194)
	at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:157)
	at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:70)
...

    Could you please help me?

    November 10, 2016 at 10:45 pm #14209
     Rogerio Rondini
    Participant

    Hi

    That is a weird thing..

    Anyway, did you enable the “Reset Cookie” option in the Agent Profile in the tab SSO ?

    Cookie Reset
    Cookie Reset:
    Enabled
    Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable)
    Hot-swap: Yes

    November 11, 2016 at 2:23 am #14214
     soma
    Participant

    Hi,
    Thank you for the reply.
    I tried that before but unfortunately it did not help :(

    December 28, 2016 at 6:31 am #15086
     naeemjmi
    Participant

    it might be due to domain name change issue.your agent URL and Openam url domain should be same.
    For eg:openam url- http://www.openam.example.com
    Agent Url – http://www.agent.example.com

    this will share the same cookie as their domain .example.com is same.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?