Calling logout page for unauthenticated user forces login
If we are not authenticated and redirected on the logout page (/?logout=1 ou /logout), we don't see the logout confirmation page, but are instead redirected on login page.
Logs:
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [info] No cookie found
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Build URL http://auth.example.com:19876/?logout=1
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Redirect 127.0.0.1 to portal (url was /?logout=1)
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] User not authenticated, Try in use, cancel redirection
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Start routing default route
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Processing controlUrl
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Processing code ref
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Processing extractFormInfo
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Prepare token
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Token 1602006624_19649 created
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Returned error: 9 (PE_FIRSTACCESS)
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Display type standardform
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Skin returned: login
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Calling sendHtml with template login
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Starting HTML generation using /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Sending /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Apply following CORS policy :
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Allow-Origin
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] *
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Allow-Credentials
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] true
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Allow-Headers
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] *
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Allow-Methods
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] POST,GET
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Expose-Headers
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] *
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Access-Control-Max-Age
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] 86400
[Wed Oct 7 15:48:24 2020] [LLNG:28584] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
This is a regression from 1.9 versions. It can be an issue when login is done automatically (Kerberos, or SAML with only one IDP).