OpenAM
OPENAM-15906

Misleading error message: "Invalid Session Timed out" returned by Auth Trees


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 6.5.1, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2
    • Fix Version/s: None
    • Labels: authentication, trees

      Description

      Bug description

      When authenticating against AM using stateless trees behind a load balancer, AM returns a misleading error message:

      "Invalid Session Timed out"

      This happens if the AuthID token is sent to a different AM host than the one that created it.

      How to reproduce the issue

      High-level steps to reproduce the error

      1. Set up at least two identical AM instances behind a load balancer without sticky sessions, or two separate AM instances and post to each one manually
      2. Set the trees to use JWT (stateless) sessions
      3. Call the tree on AM1; it returns the callbacks together with an AuthID
      4. Post the filled-in callbacks, with that AuthID, to AM2
      5. AM2 then throws "Invalid Session Timed out"

      Expected behaviour
      "Session invalid not same host"

      Current behaviour
      "Invalid Session Timed out"
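      The reproduction above, end to end over AM's REST authenticate endpoint, as an added example that is not part of this ticket or of the OpenAM code base. The host URLs, tree name, realm and test user are assumptions to change for your deployment; the JWT and tree-step JSON at the bottom are constructed so the helpers can be exercised offline. Run it against two real hosts to see whether AM2 answers step 4 with the "Timed out" message this ticket reports (or, after a fix, a not-same-host one); decode_jwt_unverified only shows what the issuing host put in the AuthID and does not check the signature.

```python
"""Reproduce OPENAM-15906 over AM's REST authentication endpoint.

Added example for the ticket, not code from the OpenAM project. It assumes two
AM hosts (AM1, AM2), a tree name, a realm and a test user, all hypothetical.
"""
import base64
import json
import urllib.error
import urllib.request

AM1 = "https://am1.example.com:8443/am"   # assumption: host that starts the tree
AM2 = "https://am2.example.com:8443/am"   # assumption: host that receives the AuthID
TREE = "Example"                            # assumption: tree name
REALM = "root"                              # assumption: realm
HEADERS = {
    "Content-Type": "application/json",
    # resource=2.0 selects the callback/authId form of the authenticate endpoint
    "Accept-API-Version": "resource=2.0, protocol=1.0",
}


def authenticate(base_url, body=None):
    """POST to /json/realms/<realm>/authenticate and return (status, json body).

    An empty POST starts the tree; a POST carrying authId + filled callbacks
    continues it. HTTP errors are returned, not raised, so they can be classified.
    """
    url = (f"{base_url}/json/realms/{REALM}/authenticate"
           f"?authIndexType=service&authIndexValue={TREE}")
    data = json.dumps(body).encode() if body is not None else b""
    req = urllib.request.Request(url, data=data, headers=HEADERS, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        raw = err.read() or b"{}"
        try:
            return err.code, json.loads(raw)
        except ValueError:                  # non-JSON error page from a proxy/LB
            return err.code, {"message": raw.decode(errors="replace")}


def fill_callbacks(step, username, password):
    """Return a copy of a tree step with Name/PasswordCallback inputs filled in.

    The authId is echoed back unchanged: it is the signed token AM uses to find
    the in-progress authentication, and it is what the second host rejects.
    """
    filled = json.loads(json.dumps(step))  # deep copy; the original step stays intact
    for cb in filled["callbacks"]:
        if cb["type"] == "NameCallback":
            cb["input"][0]["value"] = username
        elif cb["type"] == "PasswordCallback":
            cb["input"][0]["value"] = password
    return filled


def decode_jwt_unverified(token):
    """Return (header, payload) of a compact JWS such as the authId, unverified.

    Only for seeing what the issuing host put in the token; the signature is
    not checked, so never make a trust decision on these values.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWS")

    def segment(seg):
        seg += "=" * (-len(seg) % 4)        # restore the base64url padding
        return json.loads(base64.urlsafe_b64decode(seg))

    return segment(parts[0]), segment(parts[1])


def classify(status, body):
    """Label the outcome of a continue-authentication call."""
    if status == 200 and "tokenId" in body:
        return "success"                    # tree finished, SSO token issued
    if status == 200 and "authId" in body:
        return "more-callbacks"             # next step of the tree
    if "timed out" in body.get("message", "").lower():
        return "misleading-timeout"         # the symptom reported in this ticket
    return f"error-{status}"


# Constructed sample data so the helpers can be exercised offline.
def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


SAMPLE_AUTHID = ".".join([
    _b64url({"alg": "HS256", "typ": "JWT"}),
    _b64url({"iss": "am1.example.com"}),    # constructed claims, not AM's real layout
    "c2lnbmF0dXJl",                         # placeholder signature segment
])
SAMPLE_STEP = {                              # shape of an AM tree step response
    "authId": SAMPLE_AUTHID, "template": "", "stage": "",
    "callbacks": [
        {"type": "NameCallback",
         "output": [{"name": "prompt", "value": "User Name:"}],
         "input": [{"name": "IDToken1", "value": ""}]},
        {"type": "PasswordCallback",
         "output": [{"name": "prompt", "value": "Password:"}],
         "input": [{"name": "IDToken2", "value": ""}]},
    ],
}

if __name__ == "__main__":
    _, step = authenticate(AM1)                         # step 3: AM1 issues the AuthID
    print("AuthID header:", decode_jwt_unverified(step["authId"])[0])
    status, body = authenticate(AM2, fill_callbacks(step, "demo", "Passw0rd"))  # step 4
    print(status, classify(status, body), body.get("message"))                   # step 5
```

      With sticky sessions enabled on the load balancer, or with both posts sent to AM1, the same script should reach "success" or "more-callbacks" instead.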
      

      Code analysis

      com.sun.identity.authentication.service.AuthUtils (AuthUtils.java), in getAuthContext():

      // Taken when no authentication context is found for the request and
      // cookieURL names this very instance: the missing context is treated as
      // an expired session, the auth cookies are cleared and AUTH_TIMEOUT is
      // raised. A tree AuthID issued by another host ends up on this branch,
      // so the client sees "Invalid Session Timed out" instead of a message
      // saying the token came from a different server.
      if (StringUtils.isNotEmpty(cookieURL) && (isLocalServer(cookieURL,true))) {
          utilDebug.error("AuthUtils:getAuthContext(): " + "Invalid Session Timed out");
          clearAllCookies(request, response);
          throw new AuthException(AMAuthErrorCode.AUTH_TIMEOUT);
      }
      


            People

            Assignee: Unassigned
            Reporter: Anthony Harrison (anthony.harrison)
            Votes: 1
            Watchers: 4

              Dates

              Created:
              Updated: