  1. Qpid
  2. QPID-7062

Poor logout experience when using Oauth2 authentication mechanism for management


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • Broker-J
    • None

    Description

      If I configure OAuth2 and use a provider such as CloudFoundry, when I go to log out of the Qpid Web Management Console I get caught in a loop, giving the impression that the logout function is broken and leaving no means of escape without closing the window/tab or typing an address.

      1. The logout button directs the browser to /logout.
      2. Web Management invalidates the Session.
      3. Redirects to /management (odd - this should have been retired).
      4. Oauth2InteractiveAuthenticator redirects to the authenticate endpoint (CloudFoundry).
      5. CloudFoundry redirects back to the Web Management Console, starting a new session.

      The experience is similar in Google except I see Google's "Request for permission" page after logout before the loop starts again.

      Perhaps the LogoutServlet should ask the HttpRequestInteractiveAuthenticators for a logout link? In the case of OAuth2, the plugin could then provide a configurable link.

      I also notice that when using OAuth2, the /login page is still live, but completely redundant/confusing.
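
The redirect chain in steps 1-5 and the effect of the proposed logout link can be modelled with plain JDK code. This is an added example, not Broker-J code or code from the reporter: the `InteractiveAuthenticator` interface, the `idp:/authorize` label and the `/loggedout.html` path are hypothetical names constructed for illustration.

```java
import java.util.Optional;

// Added illustration only; every name here is hypothetical, not a Broker-J class.
public class LogoutLoopDemo {
    /** Hypothetical hook: an authenticator may say where the browser goes after logout. */
    interface InteractiveAuthenticator {
        Optional<String> logoutRedirect();
    }

    static boolean brokerSession = true;      // local web management session
    static final boolean idpSession = true;   // provider SSO session, untouched by a broker logout

    /** Returns the redirect target for a request, or null when a page is rendered. */
    static String handle(String path, InteractiveAuthenticator auth) {
        switch (path) {
            case "/logout":
                brokerSession = false;                               // step 2
                return auth.logoutRedirect().orElse("/management");  // step 3, or the configured link
            case "/management":
                return brokerSession ? null : "idp:/authorize";      // step 4
            case "idp:/authorize":
                if (idpSession) {                                    // step 5: silent re-authentication
                    brokerSession = true;
                    return "/management";
                }
                return null;                                         // provider shows its login page
            default:
                return null;                                         // unprotected page, no redirect
        }
    }

    /** Follows redirects from /logout; true means the user is logged in again afterwards. */
    static boolean loggedInAfterLogout(InteractiveAuthenticator auth) {
        brokerSession = true;
        String next = "/logout";
        for (int hops = 0; next != null && hops < 10; hops++) {
            next = handle(next, auth);
        }
        return brokerSession;
    }

    public static void main(String[] args) {
        InteractiveAuthenticator noHook = Optional::empty;
        InteractiveAuthenticator withHook = () -> Optional.of("/loggedout.html");
        System.out.println("no logout link:   logged in again = " + loggedInAfterLogout(noHook));
        System.out.println("with logout link: logged in again = " + loggedInAfterLogout(withHook));
    }
}
```

The model makes the underlying cause visible: invalidating the local session does nothing to the provider's session, so any redirect to a protected path after logout silently creates a new session.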

            People

              Unassigned Unassigned
              kwall Keith Wall