  1. OpenAM
  2. OPENAM-15644

The &refresh=true|false parameter for _action=validate is not working as expected


    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s:,
    • Fix Version/s: None
    • Component/s: session
    • Labels:
    • Support Ticket IDs:


      Session Idle Time is updated when you run a curl command against _action=validate, even when you try to skip the update by appending &refresh=false (the parameter defaults to true).

      See OPENAM-12436, the earlier bug in which the parameter was introduced.

      An RFE to add the same parameter to getSessionInfo is tracked in OPENAM-15640.

      Reproduce as follows.

      1. Set up AM with a WPA protecting a website. You can simulate the same behavior without an agent by having the demo user access their User Profile (by logging in to AM as a non-amadmin user) in a separate browser.
        Use Firefox for demo and Chrome for amadmin.
      2. Have the demo user log in to the website or AM in Firefox and let Idle Time elapse.
      3. Open Chrome or a different supported browser and log in as amadmin.
      4. View REALM > Sessions for the demo user.
        NOTE: To view sessions in the Top Level Realm you must add Services > Session to the realm, or update/touch the configuration by saving CONFIGURE > Global Services > Sessions, Dynamic Attributes tab. Use whichever realm the demo user logged in to in order to view their active session.
      5. Run a curl command to validate that session.
        Go back to the demo user's browser and open DevTools to copy their iPlanetDirectoryPro cookie for use in this command.
        Then run the command from the command line.
        Note: The behavior is the same from the CLI and from Postman; this code was copied from Postman to demonstrate and test the same thing from the customer's perspective.
      curl -X POST \
       'https://openam.example.com:8443/am6005/json/realms/root/authenticate?_action=validate%26refresh=false&iPlanetDirectoryPro=hf-JCUrLrfeZgCOsD7kavs0_l_U.%2AAAJTSQACMDEAAlNLABxmb010Q3RQeEd2a3JsTklIQXFFV2h6SWN4ZDQ9AAR0eXBlAANDVFMAAlMxAAA.%2A' \
       -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
       -H 'Content-Type: application/json' \
       -H 'Postman-Token: f5e2d8eb-797d-4b6b-bb7b-bba480a974ac' \
       -H 'cache-control: no-cache,no-cache' \
       -d '{
       "properties": [
      6. Now go back to Chrome (amadmin) and reload the demo user Session.

      Expected behavior:

      Idle Time is not touched: _action=validate&refresh=false is honored and the refresh is skipped.

      Actual behavior:

      The idle time has been reset and displays "a few seconds ago". See screenshots.
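
      A client-side check worth running alongside this reproduction, as an added example that is not part of the original report or of OpenAM: it parses a query string shaped like the one in the curl command with Python's standard library and reports whether refresh arrives as its own parameter or only inside the value of _action. The token is a constructed placeholder, audit_query and effective_value are hypothetical helper names, and how AM itself parses the query is not shown on this page.

```python
from urllib.parse import urlsplit, parse_qsl

# Query string shaped like the one in the curl command above; the token is a
# constructed placeholder, not a real session.
REPORTED_URL = (
    "https://openam.example.com:8443/am6005/json/realms/root/authenticate"
    "?_action=validate%26refresh=false&iPlanetDirectoryPro=PLACEHOLDER-TOKEN"
)
# Same request with a literal '&' separating the two parameters.
SEPARATED_URL = REPORTED_URL.replace("%26", "&")


def audit_query(url, expected):
    """Return {name: status} for each expected parameter name.

    status is 'present' when the name is a real query parameter,
    'embedded in <param>' when it only shows up inside another parameter's
    decoded value (an encoded '&' hid it), and 'missing' otherwise.
    """
    # parse_qsl splits on literal '&' first and percent-decodes afterwards.
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = {name for name, _ in params}
    report = {}
    for want in expected:
        if want in names:
            report[want] = "present"
            continue
        host = next(
            (n for n, v in params
             if any(p.split("=", 1)[0] == want for p in v.split("&"))),
            None,
        )
        report[want] = f"embedded in {host}" if host else "missing"
    return report


def effective_value(url, name):
    """Value a standard query parser yields for `name`, or None if absent."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True)).get(name)


if __name__ == "__main__":
    for label, url in (("reported", REPORTED_URL), ("separated", SEPARATED_URL)):
        print(label, audit_query(url, ["_action", "refresh"]),
              "_action =", repr(effective_value(url, "_action")))
```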






              • Assignee:
                ashley.hale Ashley Hale