Hi,
We were having issues clearing cookies after Sign Out has been clicked.
Initially, we configured it the Control Panel -> System Settings
-> Token Based SSO settings. It did not work there.
After doing some research on these forums, we came across a solution
involving creating a servlet and deploying that in liferay.
This worked fine in our Dev environment, but when we deployed it in
INT, we came across the following error.
[TokenLogoutAction:116]
java.lang.ArrayIndexOutOfBoundsException: 1
java.lang.ArrayIndexOutOfBoundsException: 1
at com.liferay.portal.security.sso.token.internal.events.RedirectLogoutProcessor.logout(RedirectLogoutProcessor.java:51)
at com.liferay.portal.security.sso.token.internal.events.TokenLogoutAction.run(TokenLogoutAction.java:110)
Now we see that there was a bug in liferay for this issue, but it is
also been shown as resolved.
https://issues.liferay.com/browse/LPS-78277
The difference that I am seeing in our environments is the version of tomcat.
DEV: liferay-dxp-digital-enterprise-7.0-sp3 with tomcat-8.0.32
INT: liferay-dxp-digital-enterprise-7.0-sp3 with tomcat-8.0.43
As developers, we do not have permission to install in INT, but from
what I can tell, the tomcat version in INT (and subsequently in PROD)
is newer.
Has the above mentioned bug been fixed for this version as well? If
not, is there a work around or another solution?
We need to resolve this as soon as possible since this has been
flagged as a critical security issue. We are using Shibboleth SSO.
Sign on works just fine, it is the sign out which is causing the issue.
Thanks
