Details
-
Bug
-
Resolution: Fixed
-
Highest
-
3.4.5
-
31
-
Severity 3 - Minor
-
44
-
Description
Issue Summary
Logging out from the linked application (Confluence, Jira, Bitbucket etc.) to Crowd will trigger XSRF error in logs with a display of session information.
Environment
Crowd 3.4.5
Confluence 6.15.4
Use Crowd SSO as user directory in Confluence.
Steps to Reproduce
- Enable SSO from Crowd on Confluence, with linked user directory.
- Login to Confluence.
- Logout from Confluence
Expected Results
Nothing will be logged in Crowd logs when you log in or logout.
Actual Results
The crowd will Log XSRF warning and it will display session information.
The below exception is thrown in the atlassian-crowd.log file:
2019-07-25 16:11:59,525 http-nio-6345-exec-8 WARN [common.security.jersey.XsrfResourceFilter] XSRF failure not being enforced for request: http://localhost:6345/crowd/rest/usermanagement/1/session/4560Zf6Bdtr5J... , origin: null , referrer: null, method: DELETE
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- is cloned by
-
KRAK-4692 Loading...
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...