  1. OpenAM
  2. OPENAM-1068

In case of session upgrade the SAML IDPCache can lose the ssotoken sessionindex mapping

    Details

    • Sprint:
      Sustaining Sprint 10, Sustaining Sprint 11

      Description

      1) Login using SP initiated SSO (using default ldapService == DataStore REQ)
      2) Login using regular UI with different service (Login?service=test == LDAP REQ)
      3) Try to repeat 1)

      The "IDP session is null" error message occurs, because in 2) a new ssotoken is issued, and that will cause the IDPCache to lose the original sessionindex<->ssotoken mapping, and the new session will not be mapped to the sessionindex.

      Workarounds:

      • openam.auth.destroy_session_after_upgrade=false
      • custom SessionPropertyUpgrader implementation not copying the SAML index -> could cause problems, if the SAML application sends further requests (like isPassive=true)
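
The failure sequence and both workarounds, as a simplified Python model added here for illustration (not OpenAM code and not part of the original ticket). Class, method and property names are hypothetical, and the model assumes that session upgrade copies session properties to the new token and that destroying the old token removes its cache entry.

```python
# Added illustration: a simplified model of the cache behaviour the ticket
# describes. All names are hypothetical; this is not OpenAM source code.

SAML_INDEX = "samlSessionIndex"  # constructed property name


class Session:
    def __init__(self, token_id, props=None):
        self.token_id = token_id
        self.props = dict(props or {})


class IdpCacheModel:
    """Keeps the sessionindex <-> ssotoken mapping in both directions."""

    def __init__(self):
        self.token_by_index = {}
        self.index_by_token = {}

    def register(self, session, index):
        session.props[SAML_INDEX] = index
        self.token_by_index[index] = session.token_id
        self.index_by_token[session.token_id] = index

    def on_session_destroyed(self, session):
        # Destroying the token drops its entry; nothing re-maps the index.
        index = self.index_by_token.pop(session.token_id, None)
        self.token_by_index.pop(index, None)

    def handle_sso_request(self, session):
        index = session.props.get(SAML_INDEX)
        if index is None:
            return "new IDP session"          # treated as a first-time login
        if self.token_by_index.get(index) is None:
            return "IDP session is null"      # the error from the ticket
        return "existing IDP session"


def reproduce(destroy_after_upgrade=True, copy_saml_index=True):
    cache = IdpCacheModel()
    first = Session("token-1")
    cache.register(first, "index-1")                       # step 1
    carried = {k: v for k, v in first.props.items()
               if copy_saml_index or k != SAML_INDEX}
    upgraded = Session("token-2", carried)                 # step 2: new ssotoken
    if destroy_after_upgrade:
        cache.on_session_destroyed(first)
    return cache.handle_sso_request(upgraded)              # step 3
```

The default call models the reported bug; `destroy_after_upgrade=False` and `copy_saml_index=False` model the two workarounds.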

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                peter.major Peter Major [X] (Inactive)
                QA Assignee:
                Nemanja Lukic

                  Time Tracking

                  Original Estimate: 0h
                  Remaining Estimate: 0h
                  Time Spent: 11h