Keith Wall created QPID-7062:
--------------------------------
Summary: Poor logout experience when using Oauth2 authentication
mechanism for management
Key: QPID-7062
URL: https://issues.apache.org/jira/browse/QPID-7062
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Reporter: Keith Wall
If I configure OAuth2 and use a provider such as CloudFoundry, when I go to
log out of the Qpid Web Management Console I get caught in a loop, giving the
impression that the logout function is broken and leaving no means of escape
without closing the window/tab or typing an address.
# The logout button directs the browser to /logout.
# Web Management invalidates the Session
# Redirects to /management (odd - this should have been retired)
# Oauth2InteractiveAuthenticator redirects to the authenticate endpoint
(CloudFoundry)
# CloudFoundry redirects back to the Web Management Console starting a new
session.
The experience is similar in Google except I see Google's "Request for
permission" page after logout before the loop starts again.
Perhaps the LogoutServlet should ask the HttpRequestInteractiveAuthenticators
for a logout link? In the case of Oauth2, the plugin could then provide a
configurable link.
I also notice that when using OAuth2, the /login page is still live, but
completely redundant/confusing.
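
The redirect chain listed in the report, modelled as an added example (not Qpid code and not part of the original message). It shows why invalidating only the broker session loops straight back into a new one, and what changes when /logout redirects elsewhere. The provider URLs, the `/callback` path and the `/logged-out.html` page are assumptions.

```python
# Constructed model of the redirect chain; not Qpid code.
# Assumed names: provider URLs, /callback, /logged-out.html.
IDP_AUTHORIZE = "https://idp.example/oauth/authorize"
IDP_LOGOUT = "https://idp.example/logout"


def after_logout(logout_target, idp_session_alive=True):
    """Follow the browser from /logout.

    Returns (hops, broker_session_exists, idp_session_alive).
    """
    hops, path, session = [], "/logout", "old-session"
    for _ in range(10):  # hop limit so a model bug cannot spin forever
        hops.append(path)
        if path == "/logout":
            session = None  # Web Management invalidates the session
            path = logout_target
        elif path == "/management":
            if session:
                break  # console renders for an authenticated user
            path = IDP_AUTHORIZE  # authenticator redirects to the provider
        elif path == IDP_AUTHORIZE:
            if not idp_session_alive:
                break  # provider shows its own login form
            path = "/callback"  # provider session still valid: silent redirect
        elif path == "/callback":
            session = "new-session"  # broker starts a new session
            path = "/management"
        elif path == IDP_LOGOUT:
            idp_session_alive = False  # provider ends its session too
            break
        else:
            break  # static page that triggers no authenticator
    return hops, session is not None, idp_session_alive


if __name__ == "__main__":
    for target in ("/management", "/logged-out.html", IDP_LOGOUT):
        print(target, after_logout(target))
```

In the second case the broker session is gone but the provider session survives, so the next visit to /management signs the user back in without a prompt; only the third case ends both.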