OpenAM
OPENAM-11829: SSOToken idletime reset even when it shouldn't be

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 14.5.0, 6.0.0
    • Fix Version/s: 6.0.0, 5.5.2
    • Component/s: session
    • Labels:
    • Target Version/s:
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Accesses to an SSOToken that are not supposed to reset the idle time currently do reset it. Most internal accesses of an SSOToken will also reset the idle time, including just trying to read the current idle time. This is somewhat obscured because the code that updates the idle time only does so every 60 seconds (by default). This also seems like a bug to me.

      Reproduction Steps

      cURL commands:

      $ export SSOTOKEN=$(curl -X POST -v -H 'Content-Type: application/json' -H 'X-OpenAM-Username: demo' -H 'X-OpenAM-Password: changeit' http://openam.example.com:8080/openam/json/authenticate | jq -r .tokenId)
      $ curl -X POST -H 'Content-Type: application/json' -H "Cookie: iPlanetDirectoryPro=$SSOTOKEN" 'http://openam.example.com:8080/openam/json/sessions/?_action=getSessionInfo' | jq .

      If you repeat the second command more than a minute later, you will see that the last idle time has updated even though no other activity has taken place.

      Code Analysis

      SSOProviderImpl.createSSOToken(SessionID, boolean, boolean) unconditionally calls `validate()` on the session service without passing in the boolean `resetIdleTime` flag. CtsOperations.validate() then always calls CtsSession.setLatestAccessTime() to update the last access (idle) time.
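      The behaviour described above, as an added model that is not OpenAM's code: `Session`, `validate`, `poll_read_only` and the 300-second idle timeout are constructed for the example. The buggy path ignores the `resetIdleTime` flag the way the report describes, the fixed path honours it, and the 60-second update throttle shows why a quick test does not notice the defect.

```python
# Hypothetical model of the idle-time handling reported in OPENAM-11829.
# Not OpenAM code: Session, validate, poll_read_only and the timeout
# values are constructed for this example.
from dataclasses import dataclass

IDLE_UPDATE_INTERVAL = 60   # stored access time is rewritten at most every 60 s
MAX_IDLE_TIME = 300         # constructed idle timeout for the example (seconds)


@dataclass
class Session:
    latest_access_time: int     # epoch seconds, as persisted in the session store

    def idle_time(self, now: int) -> int:
        return now - self.latest_access_time


def validate(session: Session, now: int, reset_idle_time: bool,
             fixed: bool) -> bool:
    """Return True if the session is still valid at `now`.

    fixed=False reproduces the reported defect: the resetIdleTime flag is
    ignored and every validation refreshes the access time, so a read-only
    call such as getSessionInfo keeps the session alive indefinitely.
    fixed=True honours the flag, so only calls that are meant to count as
    activity reset the idle time.
    """
    if session.idle_time(now) > MAX_IDLE_TIME:
        return False
    touch = reset_idle_time or not fixed
    # The 60-second throttle is what hides the bug from short tests: a
    # second read a few seconds later does not change the stored value.
    if touch and session.idle_time(now) >= IDLE_UPDATE_INTERVAL:
        session.latest_access_time = now
    return True


def poll_read_only(fixed: bool, polls: int = 10, interval: int = 61) -> bool:
    """Simulate a client calling getSessionInfo (reset_idle_time=False)
    every `interval` seconds; return True if the session expires as the
    idle timeout says it should, False if it is still alive at the end."""
    session = Session(latest_access_time=0)
    now = 0
    for _ in range(polls):
        now += interval
        if not validate(session, now, reset_idle_time=False, fixed=fixed):
            return True       # expired: the idle timeout was enforced
    return False              # still alive after polls * interval seconds
```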


              People

              • Assignee: emma.rumsey Emma Rumsey
              • Reporter: neil.madden Neil Madden
              • Votes: 0
              • Watchers: 5
