Session Time Out - Return To Login Link Issue: OpenSSO/AM Is Losing the Realm Context When Using the Return to Login Link
Last updated on MARCH 08, 2017
Applies to: Oracle OpenSSO - Version 7.1 to 8.0.2 [Release 7.0 to 8.0]
Information in this document applies to any platform.
On: OpenSSO 8.0u2p4 version [ Oracle OpenSSO 8.0 Update 2 Patch4 Build 6.1(2012-January-18 11:03) ]
The issue also applies to releases of OpenSSO 8.0 earlier than u2p4 (u2p3, u2p2, etc.) and to Sun AM 7.1 p5 and earlier (7.1p5, 7.1p4, etc.).
When using single sign-on, the user is directed to the login page from an external app.
If the user takes a couple of minutes (2 mins) to log in, they are directed to a "session timed out" page with a link that allows them to return to the login page.
The redirection is then lost: once the user clicks "Return to Login Page", the goto parameter is dropped and the user is not redirected to the login page with the original goto parameter.
Currently, clicking "Return to Login Page" on the Session Time Out page leads to the following URL (current redirection):
https://OpenSSO-Host-domain/opensso/UI/Login?gx_charset=UTF-8
The "Return to Login Page" link on the Session Time Out page should instead lead to the following URL, which is the login page with the goto parameter (required redirection):
https://OpenSSO-Host-domain/opensso/UI/Login?locale=en&goto=&gx_charset=UTF-8
In the authentication-failed scenario, users are directed to an "Authentication Failed" page with a link that allows them to return to the login page.
That return-to-login link redirects correctly to the login page with the original goto parameter.
The issue can be reproduced at will with the following steps:
1. Reach the login page from an external app (for example, using an OpenSSO Web Policy Agent 3.0 for a protected resource, which can be considered an external app).
2. Wait a couple of minutes before logging in (say 2 mins).
3. Enter the user credentials and submit.
4. Check that the user gets the "session timed out" page.
5. Verify and click the "Return to Login Page" link on the Session Time Out page.
6. Confirm that the user is redirected to the login page, but without the goto parameter, and so is not redirected back to the external application URL.
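A check for step 6, as an added example that is not part of the original article or of OpenSSO: it compares the login URL the user first arrived on with the href of the "Return to Login Page" link and reports which context parameters were dropped. The host names, realm and goto values are constructed, and treating goto, realm and locale as the context set is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters treated as login context (assumption): "goto" and "locale"
# appear in the article's URLs, "realm" is the context named in its title.
CONTEXT_PARAMS = ("goto", "realm", "locale")


def login_context(url):
    """Return the non-empty context parameters carried by a /UI/Login URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # An empty value (e.g. "goto=") carries no context, so it counts as absent.
    return {k: query[k][-1] for k in CONTEXT_PARAMS
            if query.get(k, [""])[-1] != ""}


def lost_context(original_login_url, return_link):
    """Map each dropped or changed context parameter to (before, after)."""
    before = login_context(original_login_url)
    after = login_context(return_link)
    return {k: (v, after.get(k)) for k, v in before.items()
            if after.get(k) != v}


# Constructed sample URLs (hosts, realm and goto target are placeholders).
BASE = "https://sso.example.com/opensso/UI/Login"
GOTO = "https%3A%2F%2Fapp.example.com%2Fprotected%2Findex.html"
ORIGINAL = f"{BASE}?realm=%2Fpartners&locale=en&goto={GOTO}&gx_charset=UTF-8"
# Link as described for the Session Time Out page: only gx_charset survives.
TIMEOUT_LINK = f"{BASE}?gx_charset=UTF-8"
# Link as described for the Authentication Failed page: context preserved.
AUTH_FAILED_LINK = f"{BASE}?realm=%2Fpartners&locale=en&goto={GOTO}&gx_charset=UTF-8"
# A link that keeps the parameter name but not its value is still a loss.
EMPTY_GOTO_LINK = f"{BASE}?realm=%2Fpartners&locale=en&goto=&gx_charset=UTF-8"

if __name__ == "__main__":
    for name, link in [("session timeout", TIMEOUT_LINK),
                       ("authentication failed", AUTH_FAILED_LINK),
                       ("empty goto", EMPTY_GOTO_LINK)]:
        lost = lost_context(ORIGINAL, link)
        print(f"{name}: {'OK' if not lost else 'lost ' + ', '.join(sorted(lost))}")
```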
The issue has the following business impact:
The business impact can be low, but the issue causes confusion and may lead end users to think the application is not working correctly.