  1. OpenAM
  2. OPENAM-15245

REST API to provide the ability for the user to query all their own sessions

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0, 6.5.0, 6.5.1, 6.5.2
    • Fix Version/s: None
    • Component/s: session

      Description

      Problem
      Currently it is possible as an administrator to query all the sessions for a particular user (in a realm). However, it is not possible for a session itself to query sessions that are owned (or created) by the same user; this gives Forbidden.

      Currently

      curl 'http://openam.example.com:8080/openam/json/sessions?_queryFilter=username%20eq%20%22demo%22%20and%20realm%20eq%20%22%2F%22' -H 'Accept-API-Version: protocol=1.0,resource=3.1' 
      

      returns Forbidden when the session itself is used to query its own username

      Purpose of this

      • There is a need to relax this so that the same "user" (hopefully they are the same) can query all their own sessions, and so that a user application (dashboard) can be used to manage their own sessions (including invalidating them).
      • Generally, this may be considered where the requester intends to have a custom user dashboard/service that may manage their profile, devices, and also information on sessions.
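
One way the relaxed rule could be scoped so that a non-administrator can only ever list their own sessions, as an added sketch that is not OpenAM code and not part of the original ticket. The function names, the `caller` dictionary and the realm normalization are assumptions; the filter string is the one from the curl command above.

```python
import re
from urllib.parse import unquote

# Only the exact filter shape from the ticket is accepted for self-service:
#   username eq "<name>" and realm eq "<realm>"
_SELF_FILTER = re.compile(r'username eq "([^"\\]+)" and realm eq "([^"\\]+)"')


def parse_filter(raw_filter):
    """Return (username, realm), or None for any other filter shape."""
    m = _SELF_FILTER.fullmatch(unquote(raw_filter).strip())
    return (m.group(1), m.group(2)) if m else None


def normalize_realm(realm):
    """Assumption: '/customers/' and '/customers' name the same realm."""
    return "/" + realm.strip("/")


def authorize_session_query(caller, raw_filter):
    """Return the HTTP status for a session query.

    caller: identity taken from the validated session token, never from
    request parameters (hypothetical dict: username, realm, is_admin).
    raw_filter: the still URL-encoded _queryFilter value.
    """
    if caller.get("is_admin"):
        return 200  # existing behaviour: administrators may query any user
    parsed = parse_filter(raw_filter)
    if parsed is None:
        return 403  # fail closed on "or", "true", "sw", extra clauses, ...
    username, realm = parsed
    same_user = username == caller["username"]
    same_realm = normalize_realm(realm) == normalize_realm(caller["realm"])
    return 200 if same_user and same_realm else 403


# Constructed sample: the filter from the ticket's curl command.
TICKET_FILTER = "username%20eq%20%22demo%22%20and%20realm%20eq%20%22%2F%22"
DEMO = {"username": "demo", "realm": "/", "is_admin": False}

if __name__ == "__main__":
    print(authorize_session_query(DEMO, TICKET_FILTER))
```

The comparison uses the identity bound to the presented session, so changing the `username` value in the filter cannot widen what a non-administrator sees.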

            People

            • Assignee:
              Unassigned
              Reporter:
              chee-weng.chea C-Weng C