OpenAM issue OPENAM-11829

SSOToken idle time reset even when it shouldn't be


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • 14.5.0, 6.0.0
    • 6.0.0, 5.5.2
    • Component: session

      Description

      Accesses to an SSOToken that are not supposed to reset the idle time currently do reset it. Most internal accesses of an SSOToken also reset the idle time, including simply reading the current idle time. This is somewhat obscured because the code that updates the idle time only does so every 60 seconds (by default). This also seems like a bug to me.

      Reproduction Steps

      cURL commands:

      $ export SSOTOKEN=$(curl -X POST -v -H 'Content-Type: application/json' -H 'X-OpenAM-Username: demo' -H 'X-OpenAM-Password: changeit' http://openam.example.com:8080/openam/json/authenticate | jq -r .tokenId)
      $ curl -X POST -H 'Content-Type: application/json' -H "Cookie: iPlanetDirectoryPro=$SSOTOKEN" 'http://openam.example.com:8080/openam/json/sessions/?_action=getSessionInfo' | jq .

      If you repeat the second command more than a minute later you will see that the last idle time has updated even if no other activity has taken place.

      Code Analysis

      `SSOProviderImpl.createSSOToken(SessionID, boolean, boolean)` unconditionally calls `validate()` on the session service without passing in the boolean `resetIdleTime` flag. `CtsOperations.validate()` then always calls `CtsSession.setLatestAccessTime()` to update the last access (idle) time.
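      The behaviour the analysis describes, modelled as an added example (this is not OpenAM's code; `CtsSession`, the validate functions and the 30-minute idle timeout are constructed stand-ins for the real classes and configuration). It shows why a read-only `getSessionInfo` call keeps a session alive indefinitely when the `resetIdleTime` flag is dropped, and why the 60-second write throttle hides the symptom for the first minute after a token is issued:

```python
"""Constructed model of session idle-time bookkeeping; not OpenAM's implementation."""
from dataclasses import dataclass

IDLE_TIMEOUT = 30 * 60          # assumed idle timeout: 30 minutes (constructed value)
ACCESS_UPDATE_INTERVAL = 60     # the 60-second write throttle the issue mentions


@dataclass
class CtsSession:
    """Stand-in for the stored session record, reduced to the one field the bug concerns."""
    latest_access_time: float   # seconds since the token was issued (constructed clock)

    def set_latest_access_time(self, now: float) -> None:
        # The stored value is only rewritten once the previous one is at least
        # ACCESS_UPDATE_INTERVAL old; this is what obscures the bug for the first minute.
        if now - self.latest_access_time >= ACCESS_UPDATE_INTERVAL:
            self.latest_access_time = now

    def idle_seconds(self, now: float) -> float:
        return now - self.latest_access_time

    def is_expired(self, now: float) -> bool:
        return self.idle_seconds(now) >= IDLE_TIMEOUT


def validate_buggy(session: CtsSession, now: float, reset_idle_time: bool) -> bool:
    """Behaviour reported in the issue: the flag never reaches the store, so every
    validation, even one made only to read the idle time, touches the session."""
    if session.is_expired(now):
        return False
    session.set_latest_access_time(now)   # reset_idle_time is ignored here
    return True


def validate_fixed(session: CtsSession, now: float, reset_idle_time: bool) -> bool:
    """Validation that honours the flag: only genuine user activity extends the session."""
    if session.is_expired(now):
        return False
    if reset_idle_time:
        session.set_latest_access_time(now)
    return True


def get_session_info(session: CtsSession, now: float, validate) -> dict:
    """Read-only lookup like ?_action=getSessionInfo; it must never extend the session."""
    valid = validate(session, now, reset_idle_time=False)
    return {"valid": valid, "idle_seconds": session.idle_seconds(now)}


def alive_after_readonly_polling(validate, poll_interval: float = 61, duration: float = 40 * 60) -> bool:
    """Issue a token at t=0 and only ever call getSessionInfo every poll_interval seconds.
    With no real activity the session must have expired well before `duration` elapses."""
    session = CtsSession(latest_access_time=0.0)
    t = 0.0
    valid = True
    while t <= duration:
        valid = get_session_info(session, t, validate)["valid"]
        t += poll_interval
    return valid


def reported_idle_after_user_request(validate, request_at: float) -> float:
    """Token issued at t=0, one genuine user request at request_at (reset_idle_time=True),
    then the idle time is read in the same second. Because of the write throttle the
    reported idle time is wrong unless at least 60 s have passed since the last write."""
    session = CtsSession(latest_access_time=0.0)
    validate(session, request_at, reset_idle_time=True)
    return get_session_info(session, request_at, validate)["idle_seconds"]


if __name__ == "__main__":
    print("buggy: alive after 40 min of read-only polling:", alive_after_readonly_polling(validate_buggy))
    print("fixed: alive after 40 min of read-only polling:", alive_after_readonly_polling(validate_fixed))
    print("fixed: idle reported right after a user request at t=30s:", reported_idle_after_user_request(validate_fixed, 30))
    print("fixed: idle reported right after a user request at t=90s:", reported_idle_after_user_request(validate_fixed, 90))
```

      With the buggy validate, polling `getSessionInfo` every 61 seconds keeps the session alive past the idle timeout, which is exactly what the repro steps observe; with the flag honoured, the same polling lets the session expire on schedule. The second helper reproduces the throttle quirk the description mentions: a real request 30 seconds after issue still reports 30 seconds of idle time, because the store refuses to rewrite a value younger than 60 seconds.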


              People

              emma.rumsey Emma Rumsey
              neil.madden Neil Madden
              Votes: 0
              Watchers: 5
