  1. OpenAM Agents
  2. AMAGENTS-2717

Timed out Login Session results in 403 Forbidden Error


    Details

    • Type: Bug
    • Status: In Review
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5.0.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Environment:
      AM 551 and WPA 550
    • Story Points:
      5
    • Sprint:
      2020.11 - Agents, 2020.12 - Agents, 2020.13 - Agents, 2020.14 - Agents, 2020.15 - Agents, 2020.16 - Agents, 2020.17 - Agents, 2021.01 - Agents, 2021.02 - Agents, 2021.06 - Agents

      Description

      When comparing idle/Timed out Login Sessions the behavior between them is not the same. 

      If you are idle for over 5 minutes and then try to log in, then, depending on whether your credentials are correct, the result is that the agent will report back a 403:

      2019-05-30 20:16:08 GMT DEBUG  [dd389777-7de4-7b49-9318-29e684685ead]: (source/request.c:2100) handle_exit(): (entry status: custom authentication response)
      2019-05-30 20:16:08 GMT WARNING [dd389777-7de4-7b49-9318-29e684685ead]: pre-authentication state not found
      2019-05-30 20:16:08 GMT WARNING [dd389777-7de4-7b49-9318-29e684685ead]: handle_exit(): unable to retrieve pre-authentication request data
      2019-05-30 20:16:08 GMT DEBUG  [dd389777-7de4-7b49-9318-29e684685ead]: (source/apache/agent.c:889) amagent_auth_handler(): exit status: forbidden (3)

      If you instead fail to log in, entering the wrong username/password, you will get the correct "session timedout" error.

      There is a related Jira https://bugster.forgerock.org/jira/browse/AMAGENTS-704 

      But the customer does not want to set the com.sun.identity.agents.config.profile.attribute.cookie.maxage time to a higher value, as there could still be edge cases of a browser that is idle for 10 hours.

      Workaround

      Enable PDP
      Set PDP time higher (but lower than cookie.maxage)
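
Added example, not part of the original issue or of the agent's code: a log triage script that separates 403s caused by the lost pre-authentication state described above from other forbidden responses, correlating lines by request id. The regex, function name and cause labels are assumptions built from the four log lines quoted in this issue; the fifth sample line is constructed.

```python
import re
from collections import defaultdict

# Layout from the excerpt in this issue: "<date> <time> GMT <LEVEL> [<id>]: <message>"
LINE_RE = re.compile(
    r"^\S+ \S+ GMT\s+(?P<level>[A-Z]+)\s+\[(?P<rid>[0-9a-f-]{36})\]:\s+(?P<msg>.*)$"
)
PREAUTH_LOST = "pre-authentication state not found"
FORBIDDEN = "exit status: forbidden (3)"

# First four lines: the excerpt from this issue. Last line: constructed, with a
# made-up request id, standing for a 403 that has no pre-authentication warning.
SAMPLE_LOG = """\
2019-05-30 20:16:08 GMT DEBUG  [dd389777-7de4-7b49-9318-29e684685ead]: (source/request.c:2100) handle_exit(): (entry status: custom authentication response)
2019-05-30 20:16:08 GMT WARNING [dd389777-7de4-7b49-9318-29e684685ead]: pre-authentication state not found
2019-05-30 20:16:08 GMT WARNING [dd389777-7de4-7b49-9318-29e684685ead]: handle_exit(): unable to retrieve pre-authentication request data
2019-05-30 20:16:08 GMT DEBUG  [dd389777-7de4-7b49-9318-29e684685ead]: (source/apache/agent.c:889) amagent_auth_handler(): exit status: forbidden (3)
2019-05-30 20:17:41 GMT DEBUG  [00000000-0000-0000-0000-000000000001]: (source/apache/agent.c:889) amagent_auth_handler(): exit status: forbidden (3)
"""


def classify_forbidden(log_text):
    """Map each request id that ended in forbidden (3) to a probable cause."""
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            by_request[m["rid"]].append((m["level"], m["msg"]))
    causes = {}
    for rid, entries in by_request.items():
        lost_at = forbidden_at = None
        for i, (level, msg) in enumerate(entries):
            if lost_at is None and level == "WARNING" and PREAUTH_LOST in msg:
                lost_at = i
            if FORBIDDEN in msg:
                forbidden_at = i
        if forbidden_at is None:
            continue  # request did not end in a 403
        # Blame the timeout only when the warning precedes the 403 for the same id.
        timed_out = lost_at is not None and lost_at < forbidden_at
        causes[rid] = "expired-pre-auth-state" if timed_out else "other"
    return causes


if __name__ == "__main__":
    for rid, cause in classify_forbidden(SAMPLE_LOG).items():
        print(rid, cause)
```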

              People

              Assignee:
              alex.levin@forgerock.com Alex Levin
              Reporter:
              william.hepler William Hepler
              Votes:
              4
              Watchers:
              16
