Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14782

AuthTree created Session does not use per User Session Service settings

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.5.1
    • Fix Version/s: 7.0.0, 6.5.3
    • Component/s: authentication, session
    • Environment:
      Authentication Tree with custom user session service settings
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      The settings for the Session Service per user does not work on AuthTree. The same setting works on Authentication module for this particular user though

      How to reproduce the issue

      1. Create a new user
      2. Create a new Session service for this user
      3. Assign 1 min to all the idle and max idle, max caching settings
      4. Test with authentication module (DataStore) by logging in as this user and observe if the session timeout in 1 min. It should work. You can also check the CTS directory for the session settings have "1" inside some of the directory settings
      5. Repeat this with AuthTree example logging in as that user. Check CTS and the values shows the idle timeout is 3 and 30 for max idle. It is not using the per user settings
        Expected behaviour
      The session service per user should be used.
      
      Current behaviour
      The session service per user should be used is ignored and seems to use the realm settings
      

      Work around

      Settings follow the realm session service settings

      Code analysis

      There is no code that read the user Profile session Service

      SessionCreationStrategy.java
      ...
      void addTImes(....) {
         .... It does not read from user profile inspite what is commented 
         .... It only from the realm. So there is missing code (in fact, unless the
         .... user profile is passed in, how does it even possible
         .... to set the SessionBuilder for this per-user Service.
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                emma.rumsey Emma Rumsey
                Reporter:
                chee-weng.chea C-Weng C
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: