Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
If I configure OAuth2 and use a provider such as CloudFoundry, when I go to logout of the Qpid Web Management Console I get caught in a loop, giving the impression that the logout function is broken and leaving no means of escape without closing the window/tab or typing an address.
- The logout button directs the browser to /logout.
- Web Management invalidates the Session
- Redirects to /management (odd - this should have been retired)
- Oauth2InteractiveAuthenticator redirects to the auethenticate endpoint (CloudFoundry)
- CloudFoundry redirect back to the Web Management Console starting a new session.
The experience is similar in Google except I see Google's "Request for permission" page after logout before the loop starts again.
Perhaps the LogoutServlet should ask the HttpRequestInteractiveAuthenticators for a logout link? In the case of Oauth2, the plugin could then provide a configurable link.
I also notice that when using OAuth2, the /login page is still live, but completely redundant/confusing.
Attachments
Issue Links
- Is contained by
-
QPID-7028 [Java Broker] Add OAuth2 AuthenticationProvider
- Closed