-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1
-
Component/s: session, web agents
-
Labels:
-
Environment:Impact WPA4 session cache evaluation correctness.
-
Sprint:AM Sustaining Sprint 52
-
Story Points:2
-
Needs backport:Yes
-
Support Ticket IDs:
-
Verified Version/s:
-
Needs QA verification:Yes
-
Functional tests:No
-
Are the reproduction steps defined?:Yes and I used the same an in the description
Bug description
Run the PLL sessionservice to get the session information. This is required for the proper functioning for Web Agents 4.1.x
#!/bin/sh TOKEN=$1 curl -s -D - \ -X POST \ -H "Content-Type: text/xml" \ --data "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><RequestSet vers=\"1.0\" svcid=\"session\" reqid=\"0\"><Request><![CDATA[<SessionRequest vers=\"1.0\" reqid=\"0\"> <GetSession reset=\"false\"><SessionID>$TOKEN</SessionID></GetSession></SessionRequest>]]></Request></RequestSet>" \ "${URL}/openam/sessionservice"
13.5.x
<Session sid="AQIC5wM2LY4Sfcx_iBm2zkPOoK2MFAyeM7g7dGmHvPhyNlk.*AAJTSQACMDEAAlNLABMzNDk0MDk1Njk3OTI0ODcwMzQ2AAJTMQAA*" stype="user" cid="id=user2,ou=user,dc=openam,dc=forgerock,dc=org" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="120" maxidle="30" maxcaching="3" timeidle="79" timeleft="7120" state="valid">
But for 5.x, the timeleft is always a big negative number. Similarly the same is seen for timeidle.
<Session sid="1J4Gl6cFRVwYdp3BeFMe1dYopsU.*AAJTSQACMDEAAlNLABxJYUV2SjBuTWNUZDZHa28rVk1JcUZEK1RYeWM9AAJTMQAA*" stype="user" cid="id=user2,ou=user,dc=openam,dc=forgerock,dc=org" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="5" maxidle="3" maxcaching="1" timeidle="1526027962" timeleft="-1526027663" state="valid">
How to reproduce the issue
- Run the above on 5.x and compare with 13.5.x
Expected behaviour
Correct timeleft is needed
Current behaviour
incorrect timeleft
Work around
-
Impact if not fix
Web Policy agent 4 session cache does not take into account the timeleft settings as it is always negative. The value return should be the actual time left (and should not be be in -ve or in Java current time format).
Code analysis
SessionInfo.java
- expiryTimeSeconds is used. One wonder if we should keep the timeleft around