OPENAM-15645: The &refresh=true|false parameter for _action=validate is not working as expected

Details

• Type: Bug
• Status: Resolved
• Priority: Major
• Resolution: Fixed
• Affects Version/s: 6.0.0.5, 6.0.0.7
• Fix Version/s: 6.0.1, 7.0.0, 6.5.3
• Component/s: session
• Sprint: AM Sustaining Sprint 69
• Story Points: 3
• Needs backport: No
• Needs QA verification: No
• Functional tests: Yes
• Are the reproduction steps defined?: Yes, and I used the same as in the description

      Description

      Bug description

Session Idle Time is being updated when you run a curl command to _action=validate and try to skip the update by appending &refresh=false (defaults to true).

Ref. the old bug where the parameter was introduced, OPENAM-12436.

RFE for the same param being added to getSessionInfo in OPENAM-15640.

      How to reproduce the issue

      Reproduce as follows.

1. Set up AM 6.0.0.5 with a WPA 5.6.1.1 protecting a website. You should be able to simulate the same behaviour without an Agent by having the demo user access their User Profile (by logging into AM as a non-amadmin user) in a separate browser. Use Firefox for demo and Chrome for amadmin.
2. Have the demo user log in to the website or AM in Firefox and let Idle Time elapse.
3. Open Chrome or a different supported browser and log amadmin in.
4. View REALM! > Sessions for the demo user.
   NOTE: You must add Services > Session to a REALM!, or update/touch by saving CONFIGURE > Global Services > Sessions, Dynamic Attributes TAB!, to view in the Top Level Realm. Use whichever REALM! you logged demo in to view their active session.
5. Run a curl command to validate that session.
   Go back to the demo user browser and open DevTools to copy their iPlanetDirectoryPro cookie for use in this command.
   Then fire the command from the command line.
   Note: The behaviour is the same from the CLI vs Postman; this code was copied from Postman to demonstrate the same from the customer's perspective and test.

   curl -X POST \
    'https://openam.example.com:8443/am6005/json/realms/root/authenticate?_action=validate%26refresh=false&iPlanetDirectoryPro=hf-JCUrLrfeZgCOsD7kavs0_l_U.%2AAAJTSQACMDEAAlNLABxmb010Q3RQeEd2a3JsTklIQXFFV2h6SWN4ZDQ9AAR0eXBlAANDVFMAAlMxAAA.%2A' \
    -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
    -H 'Content-Type: application/json' \
    -H 'Postman-Token: f5e2d8eb-797d-4b6b-bb7b-bba480a974ac' \
    -H 'cache-control: no-cache,no-cache' \
    -d '{
     "properties": [
      "currentLoginTimeStamp",
      "Host",
      "lastLoginTimeStamp",
      "sessionId",
      "ssoid",
      "sunIdentityUserPassword",
      "userLocked",
      "UserToken"
     ]
   }'

6. Now go back to Chrome (amadmin) and reload the demo user Session.

Expected behaviour
Idle Time is not touched, as _action&refresh=false is honoured and the refresh has been skipped.

Current behaviour
The idle time has been reset, displaying "a few seconds ago". See screenshots.
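An added check, not part of the original report: `%26` in the reproduction URL is the percent-encoding of `&`, and a standard query-string parser splits on literal `&` before percent-decoding each piece (Python's urllib.parse does this, as do servlet containers). Under that parsing the encoded form delivers a single `_action` value and no `refresh` parameter at all, so the first thing to rule out when reproducing is whether `refresh=false` ever reached the server. The script below shows what each form of the URL yields, plus a hypothetical helper that sends `_action` and `refresh` as separate parameters and carries the `iPlanetDirectoryPro` token in a Cookie header rather than the query string, so the token does not end up in access logs. The base URL, path and headers are taken from the report; `received_params`, `refresh_flag` and `build_validate_request` are names chosen here, and that AM accepts the token from the cookie for this call is an assumption.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

BASE = "https://openam.example.com:8443/am6005/json/realms/root/authenticate"

# Constructed samples: the URL as written in the report (encoded '&') and the
# same request with the two query parameters separated by a literal '&'.
ENCODED_AMPERSAND_URL = BASE + "?_action=validate%26refresh=false"
LITERAL_AMPERSAND_URL = BASE + "?_action=validate&refresh=false"


def received_params(url: str) -> Dict[str, str]:
    """Query parameters as a standard parser delivers them to the application.

    parse_qs splits on literal '&' first and percent-decodes each piece
    afterwards, so an encoded '%26' stays inside the value it was written in.
    """
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def refresh_flag(url: str) -> Optional[bool]:
    """False when refresh=false reached the server, True when refresh=true did,
    None when no refresh parameter arrived at all (the report says AM then
    defaults to true)."""
    params = received_params(url)
    if "refresh" not in params:
        return None
    return params["refresh"].strip().lower() != "false"


def build_validate_request(base: str, sso_token: str, refresh: bool) -> Tuple[str, Dict[str, str]]:
    """Hypothetical helper: validate URL with separate query parameters and the
    SSO token in a Cookie header instead of the URL (assumed to be accepted by AM)."""
    parts = urlsplit(base)
    query = urlencode({"_action": "validate", "refresh": "true" if refresh else "false"})
    url = urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
    headers = {
        "Accept-API-Version": "resource=2.0, protocol=1.0",
        "Content-Type": "application/json",
        "Cookie": f"iPlanetDirectoryPro={sso_token}",
    }
    return url, headers


if __name__ == "__main__":
    for label, url in (("encoded", ENCODED_AMPERSAND_URL), ("literal", LITERAL_AMPERSAND_URL)):
        print(label, received_params(url), "refresh flag:", refresh_flag(url))
    print(build_validate_request(BASE, "<sso-token-placeholder>", refresh=False))
```

If the literal-`&` form still resets the idle time, the problem is on the server side rather than in the request; if it does not, the reproduction needs the unencoded form before the server behaviour can be judged.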

• Assignee: lawrence.yarham Lawrence Yarham
• Reporter: ashley.hale Ashley Hale