Logging out via REST API fails with no results message in OpenAM 11.0.1
The purpose of this article is to provide assistance if logging out an authenticated user via the REST API fails with no results message in OpenAM 11.0.1. This occurs when using a POST request with the token cookie value and the json/sessions?_action=logout end point.
This article has been archived and is no longer maintained by ForgeRock.
The logout fails but no results message is shown.
If you use a verbose curl request such as:$ curl -v -X POST -H "iplanetDirectoryPro: AQIC5w...*AAJTSQACMDE.*" "http://openam.example.com:18080/openam/json/sessions/?_action=logout"
The response does not show an error, for example:* About to connect() to openam.example.com port 18080 (#0) * Trying 127.0.0.2... connected * Connected to openam.example.com (127.0.0.2) port 18080 (#0) > POST /openam/json/sessions?_action=logout HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/184.108.40.206 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: openam.example.com:18080 > Accept: */* > iPLanetDirectoryPro: AQIC5w...*AAJTSQACMDE.* > < HTTP/1.1 200 OK < Server: Apache-Coyote/1.1 < Content-Length: 0 < Date: Wed, 21 May 2014 08:05:24 GMT < * Connection #0 to host openam.example.com left intact * Closing connection #0
Neither the amSSO.access log or the Session debug log show anything related to logging out, even though they should record activity related to session logouts.
Upgraded to OpenAM 11.0.1.
The logout request is not actually logging out the user as can be seen if you check the active sessions in OpenAM.
This issue can be resolved by upgrading to OpenAM 11.0.2 or later; you can download this from BackStage.
You can workaround this issue by using the legacy REST API to logout, for example:$ curl -X POST -d "subjectid=AQIC5w...*AAJTSQACMDE.*" http://openam.example.com:18080/openam/identity/logout
401 or 403 response using REST API for logout requests in OpenAM 11.0.2
Related Issue Tracker IDs
OPENAM-4005 (REST logout session fails and does not produce a result message in 11.0.1)