search

gandres / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

no way to unset forward URL #451

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Put PWM behind NAM
2. Customize NAM login.jsp to call the Command Servlet
3. Configure PWM to force responses
4. Configure a LDAP identity to have no response
5. Access company.com/app1 (protected resource)
6. Login to NAM wit the user without respones

What is the expected output? What do you see instead?
After filling in the responses the user gets correctly redirected to 
company.com/app1. However, when accessing PWM directly afterwards (protected 
resource behind NAM), the forward url is still present in the session. This 
leads to strange results when pressing the cancel buttons inside the PWM 
modules: the user gets redirected to the forward url that was set by the 
Command Servlet (i.e. company.com/app1). In that case it would be appropriate 
to go back the main menu of PWM.

There is currently no way to unset the forward URL. Only to set a new forward 
url.

Desired behaviour:
After redirecting the user to the forwarld url by the Command Servlet it would 
be nice to have the forward url cleared from the session.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by sebastia...@gmail.com on 19 Aug 2013 at 7:11

GoogleCodeExporter commented 9 years ago 
Attached a proposed patch. This patch resolves the following:

- The Command Servlet unsets the Session forward URL just before doing to the 
actual redirect to the forward URL.
- The Logout Servlet adds the session forward URL as a param so that a third 
party (i.e. NAM) can do a redirect after doing a new login.

Original comment by sebastia...@gmail.com on 19 Aug 2013 at 1:04

Attachments:

GoogleCodeExporter commented 9 years ago 
Slightly improved version: the configuredForwardURL (if available) is included 
as a param on the logout URL when no session forward URL is present.

Original comment by sebastia...@gmail.com on 19 Aug 2013 at 7:12

Attachments:

GoogleCodeExporter commented 9 years ago 
Added in revision 599.  thanks!

Original comment by jrivard on 24 Aug 2013 at 10:53