Ask Question
« General Questions on Nuxeo

Logout Plugin not being called after direct link navigation

I've created my own login plugin to authenticate users with our system and included a logout extension to logout users in our system upon logging out of nuxeo. This all works fine except when a user follows a direct link to nuxeo e.g. http://mynuxeoinstance/nuxeo/nxpath/default/default-domain/Doc1234@view_documents

If you push logout from that page it navigates to http://mynuxeoinstance/nuxeo/logout instead of calling my logout function.

If you navigate anywhere else from that page in nuxeo, it calls my correct logout function when attempting to logout. Is it related to the ?tabIds=%3A&conversationId=0NXMAIN1 it appends to the url when navigating around? Something about going directly to a page and logging out from there seems to cause it to fail. Any ideas?

Edit: this displays the same issues as this post: http://answers.nuxeo.com/questions/5797/permanent-links-and-cas-authentication

cburch
Member (331)   1   3   1 		10/23/2013 ( History)
0 votes
2 answers
3200 views
ANSWER
cburch
Edit: Code snippets:

To reproduce:<br />

  1. Must be previously logged out from nuxeo<br />
  2. Navigate directly to a nuxeo document e.g.: http://localhost:8080/nuxeo/nxpath/default/default-domain/UserWorkspaces/cburch-ikanow-com/7195035322688821592@view_documents&lt;br />
  3. Use user dropdown to select Logout<br />
  4. Redirected to "http://localhost:8080/nuxeo/logout" Error page: "Page Not Found"<br /> <br /><br /> Code: InfiniteAuthenticator<br /> I use an authenticator that implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension <br /><br /> It grabs a users cookies and authenticates it with our REST Api to spit back a UserIdentification <br /><br /> Code: InfiniteLoginPlugin<br /> Our login plugin implements LoginPlugin and tries to find a user that already exists in nuxeo, otherwise it creates one using the users email address. <br /><br />

The logout portion of Authenticator:<br /> @Override

public Boolean handleLogout(HttpServletRequest httpRequest, HttpServletResponse httpResponse) 
{
    String cookie = getInfiniteCookie(httpRequest);
    if ( cookie != null)
    {
        InfiniteDriver inf_driver = new InfiniteDriver(getApiUrl(httpRequest, infinite_api_url));
        inf_driver.useExistingCookie(cookie);
        log.debug(&quot;Logging user out via cookie&quot;);
        inf_driver.logout();
    }
    try
    {
        log.debug(&quot;not logged in, redirect to infinite&quot;);
        httpResponse.sendRedirect(getLoginUrl(httpRequest, infinite_login_url));
        return true;
    }
    catch (Exception ex)
    {
        log.error(&quot;unable to redirect&quot;, ex);
    }
    return false;
}

<br /><br /> I can watch the logs when you follow my steps to reproduce and it isn't actually calling this logout function when you do that. It's not until you follow a link to a second page in nuxeo that it'll call my handleLogout instead of what I think is the FORM_AUTH logout page?

10/30/2013
manuek
Hi,

I don't know if this can help, but we also experiment some troubles with logout link (and also other links in the document page, but not all them) in a page reach by a permanent link with CAS authentication. This happen without any modification of the default behavior. (see http://answers.nuxeo.com/questions/5797/permanent-links-and-cas-authentication)

11/04/2013
cburch
I think you are right manuek, we have those issues also and they are probably related to using an alternate login method w/ direct links.
11/04/2013
ANSWERS

I think I've found the solution to this:

When using a custom Authenticator, sometimes the tomcat session has not been initialized yet (according to this post: http://stackoverflow.com/questions/595872/under-what-conditions-is-a-jsessionid-created). To ensure my session has started I added a

httpRequest.getSession(true);

during the handleRetrieveIdentity method. This seems to fix my issue of Nuxeo going to a page not found after any redirect.

cburch
Member (331)   1   3   1 		12/05/2013 ( History)
0 votes

Would you have some code snippet to share? Ideally a (WebDriver) test reproducing the issue?

How does your logout extension work?

Julien Carsique
DevTools Team manager (19.2K)   4   7   7 		10/25/2013 ( History)
0 votes
cburch
Updated my question with some more information about the authenticator and loginplugin. I'm not sure how to create WebDriver tests, I'll try to look into that here. Let me know if you could use more information.
10/30/2013
Follow
Tags
Linked Questions
Related Questions
How to create a user in login plugin
Logout to Login page in one step
CAS Single Sign Out
how to add a virtual navigation tree ?
permanent links and CAS authentication
Trying to make SAML2.0 SSO work with Azure AD
Logout from web UI "Administrator" always returns to logged-in state
how to change authentication link
Custom config for deploying plugins