Affects Version/s: 14.0.0, 14.0.0-M9, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1
The sessions search feature within OpenAM requires a user to exist in the datastore in order to search for and delete a session. This means it will not be possible to find sessions for dynamic sessions, which do not make use of a user store.
- Log into OpenAM as amadmin
- Create a new subrealm
- Set up Social Authentication within the realm (this could be any feature which allows OpenAM to act as the equivalent of a Service Provider)
- Navigate to Subrealm -> Authentication -> User Profile
- Set value of User Profile to Ignored and Save
- In a private browsing session log in to subrealm with social auth
- As amadmin attempt to search for session in realm
- Possible to search for session with username Google-* (or whatever the session was issued as)
- Sessions list will only submit search for user existing in user store.