Affects Version/s: 13.0.0
The admin SSOToken used with the policy evaluation REST endpoint (sso/json/policies?_action=evaluate) does not get its token idle timeout reset after each call, unlike the sessions endpoint.
So after the maxIdleTimeout, the call will fail due to SSOToken expiry.
1. Install OpenAM 13.0.0
2. Get the iPlanetDirectoryPro SSO token for "amadmin" and for another subject.
3. Try to evaluate a policy as in
4. You can check the above session idle timeout using the OpenAM console's session list to see that the idle timeouts for both sessions are not reset.
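The following script is an added illustration of the reproduction steps above, not code from the original report or from the OpenAM project. It records the admin token's idle time, makes one policy evaluation call as the admin, and reads the idle time again; if the second reading is not lower than the first, the evaluation call did not reset the idle clock. The `getIdle` session action, its `{"idletime": ...}` response shape, the `iPlanetDirectoryPro` header name, the `iPlanetAMWebAgentService` application name and the environment variables are assumptions on my part, not details taken from the report.

```python
"""Check whether a policy evaluation call resets the admin SSOToken's idle time.

Added illustration, not from the original bug report. Assumptions (not from
the report): the sessions endpoint answers
POST /json/sessions?_action=getIdle&tokenId=<token> with {"idletime": <secs>};
the SSO token travels in the iPlanetDirectoryPro header; OPENAM_URL,
ADMIN_TOKEN and SUBJECT_TOKEN are read from the environment for a live run.
"""
import json
import os
import time
import urllib.request

TOKEN_HEADER = "iPlanetDirectoryPro"  # assumed default session cookie/header name


def build_evaluate_request(base_url, admin_token, subject_token, resource,
                           application="iPlanetAMWebAgentService"):
    """Return (url, headers, body) for json/policies?_action=evaluate.

    The admin token authenticates the caller; the subject token identifies the
    user whose access to `resource` is being evaluated.
    """
    body = {
        "resources": [resource],
        "application": application,  # assumed default policy set name
        "subject": {"ssoToken": subject_token},
    }
    headers = {TOKEN_HEADER: admin_token, "Content-Type": "application/json"}
    return f"{base_url}/json/policies?_action=evaluate", headers, body


def build_get_idle_request(base_url, admin_token, token_to_inspect):
    """Return (url, headers) for the assumed getIdle session action."""
    url = f"{base_url}/json/sessions?_action=getIdle&tokenId={token_to_inspect}"
    return url, {TOKEN_HEADER: admin_token, "Content-Type": "application/json"}


def parse_idle_seconds(response_text):
    """Extract the idle time in seconds from an (assumed) getIdle response."""
    return int(json.loads(response_text)["idletime"])


def idle_reset_by_call(idle_before, idle_after):
    """True when the idle clock went back (the call refreshed the token).

    A token that is refreshed reports an idle time close to zero right after
    the call; a token that is not refreshed keeps counting up.
    """
    return idle_after < idle_before


def post_json(url, headers, body=None):
    """Send a POST with a JSON body (empty object for action-only calls)."""
    data = json.dumps(body if body is not None else {}).encode()
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


def check_idle_reset(base_url, admin_token, subject_token, resource, wait=5):
    """Live check: returns True if evaluating a policy reset the admin idle time."""
    idle_url, idle_headers = build_get_idle_request(base_url, admin_token, admin_token)
    before = parse_idle_seconds(post_json(idle_url, idle_headers))
    time.sleep(wait)  # let the idle clock advance so a reset is observable
    eval_url, eval_headers, eval_body = build_evaluate_request(
        base_url, admin_token, subject_token, resource)
    post_json(eval_url, eval_headers, eval_body)
    after = parse_idle_seconds(post_json(idle_url, idle_headers))
    return idle_reset_by_call(before, after)


if __name__ == "__main__":
    # Live run only when the environment is configured; nothing is contacted on import.
    reset = check_idle_reset(
        os.environ["OPENAM_URL"].rstrip("/"),
        os.environ["ADMIN_TOKEN"],
        os.environ["SUBJECT_TOKEN"],
        os.environ.get("RESOURCE", "http://www.example.com:80/index.html"),
    )
    print("idle time reset by evaluate call:", reset)
```

Reading the idle time is itself assumed not to refresh the token; if the deployment's sessions endpoint does refresh on read, compare against the console's session list instead, as step 4 describes.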
It seems CREST does validate the admin token with refresh=false but somehow nothing is done to refresh it. It seems the admin token is also used in the audit logging, but both with refresh=false. It seems everything is done with AdminTokenAction (which uses an internal token, dsameuser). It seems not only json/policies but other REST URLs like UMA that may use the SSOToken also do not refresh the token idle time.