Session Termination issue

Home Forums ForgeRock Products Access Management Session Termination issue

Learn more about our upcoming Identity Summits

Tagged: , ,

This topic has 1 reply, 1 voice, and was last updated 6 years, 1 month ago by soma.

  • Author
    Posts
  • October 11, 2016 at 6:03 pm #13624
     soma
    Participant

    Hi All,

    I have a strange issue after log user out. I use OpenAM 13.0 + Tomcat + J2EE Agent 3.5.0 + OpenAM rest api.

    My web application has own login/logout pages. For login I call POST /openam/json/authenticate rest with X-OpenAM-Username and X-OpenAM-Password. For logout I use POST /openam/json/session/?_action=logout.

    My own logout restapi receives the request, calls the mentioned logout OpenAM api and deletes the iPlanetDirectoryPro cookie.

    After a successful logout everything seems perfect:
    * I can see on the OpenAM console that my ‘demo’ user just disappeared from the Session list
    * iPlanetDirectoryPro cookie is removed from client side

    But when I hit refresh in the web browser or try to open again the index page of my web application (which is on the list of the not enforced URIs) then I am redirected to the access-denied page with endless goto url params.

    After logout I have only one cookie. It is the JSESSIONID cookie. When I delete manually this cookie from the web browser then I am able to open the index page of my app without this issue.

    I can see in the debug.out log file a lot of strange but same exceptions when I try to open the index page of my app:

    
ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
java.lang.NullPointerException
        at com.iplanet.dpro.session.SesionId.hashCode(SessionID.java:334)
        ...

    When JSESSIONID cookie is deleted by me then everything works fine again till the next logout.

    Do u have any idea what is wrong here?

    October 22, 2016 at 7:53 pm #13837
     soma
    Participant

    This is the full log:

    No configuration value found for: com.sun.identity.agents.config.amFilter.logout.application.handler, or: com.sun.identity.agents.config.logout.application.handler
amFilter:10/22/2016 07:46:12:678 PM CEST: Thread[http-nio-8080-exec-17,5,main]
ERROR: AmFilter: Error while delegating to inbound handler: Not Enforced List Task Handler, access will be denied
java.lang.NullPointerException
	at com.iplanet.dpro.session.SessionID.hashCode(SessionID.java:334)
	at java.util.Hashtable.get(Hashtable.java:363)
	at com.iplanet.dpro.session.Session.readSession(Session.java:2178)
	at com.iplanet.dpro.session.Session.removeSID(Session.java:1042)
	at com.sun.identity.agents.filter.LogoutHelper.removeSSOToken(LogoutHelper.java:174)
	at com.sun.identity.agents.filter.LogoutHelper.doLogout(LogoutHelper.java:63)
	at com.sun.identity.agents.filter.NotenforcedListTaskHandler.process(NotenforcedListTaskHandler.java:144)
	at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:194)
	at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:157)
	at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:70)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

amFilter:10/22/2016 07:46:12:679 PM CEST: Thread[http-nio-8080-exec-17,5,main]
AmFilter: now processing: Audit Result Handler
amFilter:10/22/2016 07:46:12:679 PM CEST: Thread[http-nio-8080-exec-17,5,main]
AmFilter: result => 

-----------------------------------------------------------
FilterResult:
	Status    	: REDIRECT
	ProcessResponse    	: false
	RedirectURL	: http://web.example.com:8080/admin-console/authentication/access-denied.jsp?goto=http%3A%2F%2Fweb.example.com%3A8080%2Fadmin-console%2Fauthentication%2Faccess-denied.jsp%3Fgoto%3Dhttp%253A%252F%252Fweb.example.com%253A8080%252Fadmin-console%252Fauthentication%252Faccess-denied.jsp%253Fgoto%253Dhttp%25253A%25252F%25252Fweb.example.com%25253A8080%25252Fadmin-console%25252Fauthentication%25252Faccess-denied.jsp%25253Fgoto%25253Dhttp%2525253A%2525252F%2525252Fweb.example.com%2525253A8080%2525252Fadmin-console%2525252Fauthentication%2525252Faccess-denied.jsp%2525253Fgoto%2525253Dhttp%252525253A%252525252F%252525252Fweb.example.com%252525253A8080%252525252Fadmin-console%252525252Fauthentication%252525252Faccess-denied.jsp%252525253Fgoto%252525253Dhttp%25252525253A%25252525252F%25252525252Fweb.example.com%25252525253A8080%25252525252Fadmin-console%25252525252Fauthentication%25252525252Faccess-denied.jsp%25252525253Fgoto%25252525253Dhttp%2525252525253A%2525252525252F%2525252525252Fweb.example.com%2525252525253A8080%2525252525252Fadmin-console%2525252525252Fauthentication%2525252525252Faccess-denied.jsp%2525252525253Fgoto%2525252525253Dhttp%252525252525253A%252525252525252F%252525252525252Fweb.example.com%252525252525253A8080%252525252525252Fadmin-console%252525252525252Fauthentication%252525252525252Faccess-denied.jsp%252525252525253Fgoto%252525252525253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fweb.example.com%25252525252525253A8080%25252525252525252Fadmin-console%25252525252525252Fauthentication%25252525252525252Faccess-denied.jsp%25252525252525253Fgoto%25252525252525253Dhttp%2525252525252525253A%2525252525252525252F%2525252525252525252Fweb.example.com%2525252525252525253A8080%2525252525252525252Fadmin-console%2525252525252525252Fauthentication%2525252525252525252Faccess-denied.jsp%2525252525252525253Fgoto%2525252525252525253Dhttp%252525252525252525253A%252525252525252525252F%252525252525252525252Fweb.example.com%252525252525252525253A8080%252525252525252525252Fadmin-console%252525252525252525252Fauthentication%252525252525252525252Faccess-denied.jsp%252525252525252525253Fgoto%252525252525252525253Dhttp%25252525252525252525253A%25252525252525252525252F%25252525252525252525252Fweb.example.com%25252525252525252525253A8080%25252525252525252525252Fadmin-console%25252525252525252525252Fauthentication%25252525252525252525252Faccess-denied.jsp%25252525252525252525253Fgoto%25252525252525252525253Dhttp%2525252525252525252525253A%2525252525252525252525252F%2525252525252525252525252Fweb.example.com%2525252525252525252525253A8080%2525252525252525252525252Fadmin-console%2525252525252525252525252Fauthentication%2525252525252525252525252Faccess-denied.jsp%2525252525252525252525253Fgoto%2525252525252525252525253Dhttp%252525252525252525252525253A%252525252525252525252525252F%252525252525252525252525252Fweb.example.com%252525252525252525252525253A8080%252525252525252525252525252Fadmin-console%252525252525252525252525252Fauthentication%252525252525252525252525252Faccess-denied.jsp%252525252525252525252525253Fgoto%252525252525252525252525253Dhttp%25252525252525252525252525253A%25252525252525252525252525252F%25252525252525252525252525252Fweb.example.com%25252525252525252525252525253A8080%25252525252525252525252525252Fadmin-console%25252525252525252525252525252Fauthentication%25252525252525252525252525252Faccess-denied.jsp%25252525252525252525252525253Fgoto%25252525252525252525252525253Dhttp%2525252525252525252525252525253A%2525252525252525252525252525252F%2525252525252525252525252525252Fweb.example.com%2525252525252525252525252525253A8080%2525252525252525252525252525252Fadmin-console%2525252525252525252525252525252Fauthentication%2525252525252525252525252525252Faccess-denied.jsp%2525252525252525252525252525253Fgoto%2525252525252525252525252525253Dhttp%252525252525252525252525252525253A%252525252525252525252525252525252F%252525252525252525252525252525252Fweb.example.com%252525252525252525252525252525253A8080%252525252525252525252525252525252Fadmin-console%252525252525252525252525252525252Fauthentication%252525252525252525252525252525252Faccess-denied.jsp%252525252525252525252525252525253Fgoto%252525252525252525252525252525253Dhttp%25252525252525252525252525252525253A%25252525252525252525252525252525252F%25252525252525252525252525252525252Fweb.example.com%25252525252525252525252525252525253A8080%25252525252525252525252525252525252Fadmin-console%25252525252525252525252525252525252Fauthentication%25252525252525252525252525252525252Faccess-denied.jsp%25252525252525252525252525252525253Fgoto%25252525252525252525252525252525253Dhttp%2525252525252525252525252525252525253A%2525252525252525252525252525252525252F%2525252525252525252525252525252525252Fweb.example.com%2525252525252525252525252525252525253A8080%2525252525252525252525252525252525252Fadmin-console%2525252525252525252525252525252525252Fauthentication%2525252525252525252525252525252525252Faccess-denied.jsp%2525252525252525252525252525252525253Fgoto%2525252525252525252525252525252525253Dhttp%252525252525252525252525252525252525253A%252525252525252525252525252525252525252F%252525252525252525252525252525252525252Fweb.example.com%252525252525252525252525252525252525253A8080%252525252525252525252525252525252525252Fadmin-console%252525252525252525252525252525252525252Fauthentication%252525252525252525252525252525252525252Faccess-denied.jsp%252525252525252525252525252525252525253Fgoto%252525252525252525252525252525252525253Dhttp%25252525252525252525252525252525252525253A%25252525252525252525252525252525252525252F%25252525252525252525252525252525252525252Fweb.example.com%25252525252525252525252525252525252525253A8080%25252525252525252525252525252525252525252Fadmin-console%25252525252525252525252525252525252525252Fauthentication%25252525252525252525252525252525252525252Faccess-denied.jsp
	RequestURL	: null
	RequestHelper: 
		null

	Data: 
		null

-----------------------------------------------------------

    Any idea what to check?

    • This reply was modified 6 years, 1 month ago by soma.
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?