[LS-1027] NEP Logout via ADFS – Session Not Terminating Properly (ADFS URL Error) Created: 25/Mar/26 Updated: 03/Apr/26 Due: 25/Mar/26 |
|
| Status: | Ready for QA |
| Project: | L3 Support |
| Component/s: | NEP |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Normal |
| Reporter: | Sanju Yadav | Assignee: | Sanju Yadav |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Customer: |
Airtel India
|
| Planned Start: | |
| Planned End: | |
| Complexity: | Very High |
| Product: | NEP |
| Description |
|
Users are facing errors while logging out of NEP through ADFS. The logout process does not terminate the session properly, leading to session persistence issues. This may also be contributing to the “User already authenticated” issue. Steps to Reproduce: Login to NEP via ADFS Actual Result: Error during logout (ADFS URL issue) Expected Result: Successful logout without errors Impact: Sessions remain active |
| Comments |
| Comment by Omar Kamalddine [ 03/Apr/26 ] |
|
Fix: AppUserChecker.check() now evicts the stale cache entry instead of throwing on re-login. Also hardened adfsLogin() to swallow logout errors before calling validateToken. |
| Comment by Omar Kamalddine [ 03/Apr/26 ] |
|
Root cause: Spring Security user cache was not evicted on SSO logout when the authentication field was null/stale after Vaadin session reset, causing AppUserChecker to block re-login with MultipleAuthenticationException. |