  1. OpenAM
  2. OPENAM-14433

AM Session idletime not reset when Agent Profile has SSO Only set



    • Bug
    • Status: Closed
    • Major
    • Resolution: Not a defect
    • None
    • session
    • Rank:
    • AM Sustaining Sprint 60
    • 0
    • Future
    • None


      Bug description

      When the Web Agent profile is set to SSO Only, the end user's token idletime is not reset when visiting protected resources. The idletime will keep increasing until the user hits the Max Session time and gets an error.

      How to reproduce the issue

      1. Install/Configure AM
      2. Create Agent profile in top realm
      3. Set Agent profile to SSO Only
      4. Install 5.5.0 Agent using the profile created in step 2
      5. Go to Agent protected resource and log in as a user
      6. In another browser, log in as amAdmin and go to the Top Level realm's Sessions tab and type in demo, if that's the user you logged into the website as. Notice the idletime
      7. Wait 3 minutes
      8. Hit refresh in the agent protected page
      9. In the Sessions tab, type username demo again. See the idletime has not changed. It does not get reset to 0 when the user accesses the protected resource.

      Expected behaviour

      Expected behavior is the idletime will get reset

      Current behaviour

      Idle Time keeps increasing until user times out via Max Session Time

      Work around

      Remove Agent's SSO Only configuration and add a simple policy. I used //::/* and GET Action, with Authenticated users.

      With AM using a Policy rather than SSO Only, the idletime gets reset. If you repeat the steps from above, you will see the idletime getting reset.

      Code analysis

      not done


              joe.starling Joe Starling
              david.bate David Bate