This topic has 1 reply, 1 voice, and was last updated 5 years ago by soma.

  • Author
    Posts
  • #13624
     soma
    Participant

    Hi All,

    I have a strange issue after log user out. I use OpenAM 13.0 + Tomcat + J2EE Agent 3.5.0 + OpenAM rest api.

    My web application has own login/logout pages. For login I call POST /openam/json/authenticate rest with X-OpenAM-Username and X-OpenAM-Password. For logout I use POST /openam/json/session/?_action=logout.

    My own logout restapi receives the request, calls the mentioned logout OpenAM api and deletes the iPlanetDirectoryPro cookie.

    After a successful logout everything seems perfect:
    * I can see on the OpenAM console that my ‘demo’ user just disappeared from the Session list
    * iPlanetDirectoryPro cookie is removed from client side

    But when I hit refresh in the web browser or try to open again the index page of my web application (which is on the list of the not enforced URIs) then I am redirected to the access-denied page with endless goto url params.

    After logout I have only one cookie. It is the JSESSIONID cookie. When I delete manually this cookie from the web browser then I am able to open the index page of my app without this issue.

    I can see in the debug.out log file a lot of strange but same exceptions when I try to open the index page of my app:

    
    ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
    java.lang.NullPointerException
            at com.iplanet.dpro.session.SesionId.hashCode(SessionID.java:334)
            ...
    

    When JSESSIONID cookie is deleted by me then everything works fine again till the next logout.

    Do u have any idea what is wrong here?

    #13837
     soma
    Participant

    This is the full log:

    No configuration value found for: com.sun.identity.agents.config.amFilter.logout.application.handler, or: com.sun.identity.agents.config.logout.application.handler
    amFilter:10/22/2016 07:46:12:678 PM CEST: Thread[http-nio-8080-exec-17,5,main]
    ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
    java.lang.NullPointerException
    	at com.iplanet.dpro.session.SessionID.hashCode(SessionID.java:334)
    	at java.util.Hashtable.get(Hashtable.java:363)
    	at com.iplanet.dpro.session.Session.readSession(Session.java:2178)
    	at com.iplanet.dpro.session.Session.removeSID(Session.java:1042)
    	at com.sun.identity.agents.filter.LogoutHelper.removeSSOToken(LogoutHelper.java:174)
    	at com.sun.identity.agents.filter.LogoutHelper.doLogout(LogoutHelper.java:63)
    	at com.sun.identity.agents.filter.NotenforcedListTaskHandler.process(NotenforcedListTaskHandler.java:144)
    	at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:194)
    	at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:157)
    	at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:70)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
    	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
    	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    	at java.lang.Thread.run(Thread.java:745)
    
    amFilter:10/22/2016 07:46:12:679 PM CEST: Thread[http-nio-8080-exec-17,5,main]
    AmFilter: now processing: Audit Result Handler
    amFilter:10/22/2016 07:46:12:679 PM CEST: Thread[http-nio-8080-exec-17,5,main]
    AmFilter: result => 
    
    -----------------------------------------------------------
    FilterResult:
    	Status    	: REDIRECT
    	ProcessResponse    	: false
    	RedirectURL	: http://web.example.com:8080/admin-console/authentication/access-denied.jsp?goto=http%3A%2F%2Fweb.example.com%3A8080%2Fadmin-console%2Fauthentication%2Faccess-denied.jsp%3Fgoto%3Dhttp%253A%252F%252Fweb.example.com%253A8080%252Fadmin-console%252Fauthentication%252Faccess-denied.jsp%253Fgoto%253Dhttp%25253A%25252F%25252Fweb.example.com%25253A8080%25252Fadmin-console%25252Fauthentication%25252Faccess-denied.jsp%25253Fgoto%25253Dhttp%2525253A%2525252F%2525252Fweb.example.com%2525253A8080%2525252Fadmin-console%2525252Fauthentication%2525252Faccess-denied.jsp%2525253Fgoto%2525253Dhttp%252525253A%252525252F%252525252Fweb.example.com%252525253A8080%252525252Fadmin-console%252525252Fauthentication%252525252Faccess-denied.jsp%252525253Fgoto%252525253Dhttp%25252525253A%25252525252F%25252525252Fweb.example.com%25252525253A8080%25252525252Fadmin-console%25252525252Fauthentication%25252525252Faccess-denied.jsp%25252525253Fgoto%25252525253Dhttp%2525252525253A%2525252525252F%2525252525252Fweb.example.com%2525252525253A8080%2525252525252Fadmin-console%2525252525252Fauthentication%2525252525252Faccess-denied.jsp%2525252525253Fgoto%2525252525253Dhttp%252525252525253A%252525252525252F%252525252525252Fweb.example.com%252525252525253A8080%252525252525252Fadmin-console%252525252525252Fauthentication%252525252525252Faccess-denied.jsp%252525252525253Fgoto%252525252525253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fweb.example.com%25252525252525253A8080%25252525252525252Fadmin-console%25252525252525252Fauthentication%25252525252525252Faccess-denied.jsp%25252525252525253Fgoto%25252525252525253Dhttp%2525252525252525253A%2525252525252525252F%2525252525252525252Fweb.example.com%2525252525252525253A8080%2525252525252525252Fadmin-console%2525252525252525252Fauthentication%2525252525252525252Faccess-denied.jsp%2525252525252525253Fgoto%2525252525252525253Dhttp%252525252525252525253A%252525252525252525252F%252525252525252525252Fweb.example.com%252525252525252525253A8080%252525252525252525252Fadmin-console%252525252525252525252Fauthentication%252525252525252525252Faccess-denied.jsp%252525252525252525253Fgoto%252525252525252525253Dhttp%25252525252525252525253A%25252525252525252525252F%25252525252525252525252Fweb.example.com%25252525252525252525253A8080%25252525252525252525252Fadmin-console%25252525252525252525252Fauthentication%25252525252525252525252Faccess-denied.jsp%25252525252525252525253Fgoto%25252525252525252525253Dhttp%2525252525252525252525253A%2525252525252525252525252F%2525252525252525252525252Fweb.example.com%2525252525252525252525253A8080%2525252525252525252525252Fadmin-console%2525252525252525252525252Fauthentication%2525252525252525252525252Faccess-denied.jsp%2525252525252525252525253Fgoto%2525252525252525252525253Dhttp%252525252525252525252525253A%252525252525252525252525252F%252525252525252525252525252Fweb.example.com%252525252525252525252525253A8080%252525252525252525252525252Fadmin-console%252525252525252525252525252Fauthentication%252525252525252525252525252Faccess-denied.jsp%252525252525252525252525253Fgoto%252525252525252525252525253Dhttp%25252525252525252525252525253A%25252525252525252525252525252F%25252525252525252525252525252Fweb.example.com%25252525252525252525252525253A8080%25252525252525252525252525252Fadmin-console%25252525252525252525252525252Fauthentication%25252525252525252525252525252Faccess-denied.jsp%25252525252525252525252525253Fgoto%25252525252525252525252525253Dhttp%2525252525252525252525252525253A%2525252525252525252525252525252F%2525252525252525252525252525252Fweb.example.com%2525252525252525252525252525253A8080%2525252525252525252525252525252Fadmin-console%2525252525252525252525252525252Fauthentication%2525252525252525252525252525252Faccess-denied.jsp%2525252525252525252525252525253Fgoto%2525252525252525252525252525253Dhttp%252525252525252525252525252525253A%252525252525252525252525252525252F%252525252525252525252525252525252Fweb.example.com%252525252525252525252525252525253A8080%252525252525252525252525252525252Fadmin-console%252525252525252525252525252525252Fauthentication%252525252525252525252525252525252Faccess-denied.jsp%252525252525252525252525252525253Fgoto%252525252525252525252525252525253Dhttp%25252525252525252525252525252525253A%25252525252525252525252525252525252F%25252525252525252525252525252525252Fweb.example.com%25252525252525252525252525252525253A8080%25252525252525252525252525252525252Fadmin-console%25252525252525252525252525252525252Fauthentication%25252525252525252525252525252525252Faccess-denied.jsp%25252525252525252525252525252525253Fgoto%25252525252525252525252525252525253Dhttp%2525252525252525252525252525252525253A%2525252525252525252525252525252525252F%2525252525252525252525252525252525252Fweb.example.com%2525252525252525252525252525252525253A8080%2525252525252525252525252525252525252Fadmin-console%2525252525252525252525252525252525252Fauthentication%2525252525252525252525252525252525252Faccess-denied.jsp%2525252525252525252525252525252525253Fgoto%2525252525252525252525252525252525253Dhttp%252525252525252525252525252525252525253A%252525252525252525252525252525252525252F%252525252525252525252525252525252525252Fweb.example.com%252525252525252525252525252525252525253A8080%252525252525252525252525252525252525252Fadmin-console%252525252525252525252525252525252525252Fauthentication%252525252525252525252525252525252525252Faccess-denied.jsp%252525252525252525252525252525252525253Fgoto%252525252525252525252525252525252525253Dhttp%25252525252525252525252525252525252525253A%25252525252525252525252525252525252525252F%25252525252525252525252525252525252525252Fweb.example.com%25252525252525252525252525252525252525253A8080%25252525252525252525252525252525252525252Fadmin-console%25252525252525252525252525252525252525252Fauthentication%25252525252525252525252525252525252525252Faccess-denied.jsp
    	RequestURL	: null
    	RequestHelper: 
    		null
    
    	Data: 
    		null
    
    -----------------------------------------------------------
    

    Any idea what to check?

    • This reply was modified 5 years ago by soma.
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?