After doing several logins and logouts in the same browser but using different tabs and applications a logout request does not work as expected (the SSO session remains).
In a Java adapter, executing
HttpServletRequest.logout()to perform a SSO logout fails following these steps:
- Open a window in the browser.
- Execute the login operation in application 1.
- Open another window in the same browser.
- Perform the login in application 2.
- Execute the logout operation of the application 2.
- Execute the login operation of the application 2 in the same window.
- Go back to the previous window (application 1).
- Execute the logout operation (application 1).
The last logout does not work and the session remains active at SSO level.
- Red Hat Single Sig-On (RH-SSO)
- OpenID Connect adapters
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.