Logged out Okta session page missing

Question

Logged out Okta session page missing

CeriZego opened this issue 2 years ago · 4 comments

If an Okta session is logged out during the session, in version v0.5.1 I saw this page which prompts for logout:

From version v1.0.0 I see some JSON instead:

{"action":"Something is wrong with your OIDC session. Please try to logout and login again","description":"The client specified not to prompt, but the user is not logged in.","error":"OIDC Error: login_required"}

Many thanks

Answer 1 · 2022-05-30T12:56:23.000Z

Hi @CeriZego
thanks for reaching out and I'm sorry you are having issues with GPM. Just to better understand, is the session being closed from Okta and it is not after performing a logout from GPM, right?

Answer 2 · 2022-05-30T13:07:51.000Z

Hi @ralgozino

The session is being logged out in Okta. Then when the app is used after that the error JSON is seen.
Just doing some testing after upgrading GPM. Thanks for looking at it

Ceri

Answer 3 · 2022-05-30T13:38:51.000Z

thanks for the report, we'll try to reproduce it and let you know :)

Answer 4 · 2022-05-30T17:17:00.000Z

I was able to reproduce the error also with Keycloak as IDP. Ending the session IDP's side is not handled gracefully by GPM.

Basically we need to do this:
zamzterz/Flask-pyoidc#71

Thanks again for the report @CeriZego