Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10603

Login page error "Maximum sessions limit reached or session quota has exhausted" with restricted tokens and session quotas

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0
    • Fix Version/s: 13.5.2
    • Labels:
    • Environment:
      AM 13.5.0
      J2EE Agent 3.5.1
    • Sprint:
      AM Sustaining Sprint 48
    • Story Points:
      5
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      With restricted tokens and session quotas enabled, upon hitting their quota a user will see an error page at login:

      Maximum sessions limit reached or session quota has exhausted.
      Contact your system administrator."
      

      To reproduce:
      1. Setup as per OPENAM-10513
      2. Enable session quota with DESTROY_NEXT_EXPIRING
      3. Reach the quota.

      Session debug:

      amSession:02/12/2017 08:25:55:063 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
      Local destroy for AQIC5wM2LY4SfczEq1ZPwN4lfF-E18JGRB8wbrzqZHbbvQU.*AAJTSQACMDIAAlNLABQtMzA5MzE3NDk0NTc3NDYyMzgzMAACUzEAAjAx*
      amSession:02/12/2017 08:25:55:063 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
      Failed to destroy the next expiring session.
      com.iplanet.dpro.session.SessionException: java.lang.NullPointerException
              at com.iplanet.dpro.session.Session.destroySession(Session.java:799)
              at org.forgerock.openam.session.service.DestroyNextExpiringAction.action(DestroyNextExpiringAction.java:73)
              at com.iplanet.dpro.session.service.SessionConstraint.checkQuotaAndPerformAction(SessionConstraint.java:178)
              at com.iplanet.dpro.session.service.InternalSession.activate(InternalSession.java:1132)
              at com.iplanet.dpro.session.service.InternalSession.activate(InternalSession.java:1105)
              at com.sun.identity.authentication.service.DefaultSessionActivator.activateSession(DefaultSessionActivator.java:127)
              at com.sun.identity.authentication.service.DefaultSessionActivator.updateSessions(DefaultSessionActivator.java:107)
              at com.sun.identity.authentication.service.DefaultSessionActivator.activateSession(DefaultSessionActivator.java:69)
              at com.sun.identity.authentication.service.LoginState.activateSession(LoginState.java:1146)
              at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:636)
              at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:617)
              at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1370)
              at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:856)
              at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)
              at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
              at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
              at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:131)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
              at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.NullPointerException
              at java.util.concurrent.ConcurrentHashMap.hash(ConcurrentHashMap.java:333)
              at java.util.concurrent.ConcurrentHashMap.remove(ConcurrentHashMap.java:1175)
              at org.forgerock.openam.utils.SingleValueMapper.remove(SingleValueMapper.java:96)
              at com.iplanet.dpro.session.service.InternalSessionCache.remove(InternalSessionCache.java:120)
              at com.iplanet.dpro.session.service.SessionService.removeInternalSession(SessionService.java:466)
              at com.iplanet.dpro.session.service.SessionService.destroyInternalSession(SessionService.java:774)
              at com.iplanet.dpro.session.service.SessionService.destroySession(SessionService.java:920)
              at com.iplanet.dpro.session.operations.strategies.LocalOperations.destroy(LocalOperations.java:99)
              at com.iplanet.dpro.session.monitoring.MonitoredOperations.destroy(MonitoredOperations.java:79)
              at com.iplanet.dpro.session.Session.destroySession(Session.java:797)
              ... 50 more
      
      amSession:02/12/2017 08:25:55:064 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
      SessionConstraint.checkQuotaAndPerformAction: Session quota exhausted.
      amSession:02/12/2017 08:25:55:064 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
      Session Quota exhausted!
      

      Note: not reproducible with 11.0.3 and J2EE 3.5.1

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: