Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5864

Quota constraints exceeded in multi-instance with LB and CTS enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.2, 12.0.2, 13.0.0
    • Fix Version/s: 14.5.0
    • Component/s: CTS, session
    • Labels:
    • Sprint:
      AM Sustaining Sprint 15
    • Support Ticket IDs:

      Description

      Environment:

      2 OpenAM 11.0.2 instances behind HA_Proxy
      Session Failover enabled (CTS within embedded config in my test)
      Site defined
      ha_proxy load balancing in round robin between am1 and am2
      Quota constraint set to 2 per user
      DESTROY_NEXT_EXPIRING set up

      Test:

      A simple curl that throws the same authentication request for the same user; loop 5000 times:

      curl --request POST --header "X-OpenAM-Username: testuser" --header "X-OpenAM-Password: password" --header "Content-Type: application/json" --data "{}" http://lb.example.com:8080/openam/json/authenticate
      

      In the Session log file, you can see that the number of sessions is being checked in order to decide whether the quota has been reached. At the beginning of the logs I can see it stays at 2 existing sessions - as it should -, then it moves on to 3 and does not go back down.

      amCoreTokenService:04/16/2015 05:21:07:041 PM BST: Thread[http-bio-18080-exec-31,5,main]
      CTS: Querying Sessions by User Id. Found 3 Sessions.
      UUID: id=testuser,ou=user,dc=openam,dc=forgerock,dc=org
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                nathalie.hoet Nathalie Hoet
              • Votes:
                3 Vote for this issue
                Watchers:
                18 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: