OpenIDM / OPENIDM-10286

Idle timeout for JWT authentication module is not working

      Description:
      When new requests are made IDM is supposed to return a new JWT session cookie with an updated idle timeout, but the corresponding response cookie session-Jwt is not returned to the client. As a result the session always times out after creation time + idle timeout interval.

      Reproduction:
      1. Per the IDM 5.0 Integrator's Guide, section 18.1.2.1, "Supported Session Module"
      (https://backstage.forgerock.com/docs/idm/5/integrators-guide/):
      OpenIDM includes one supported session module. The JSON Web Token session module configuration specifies keystore information, and details about the session lifespan. The default JWT_SESSION configuration is as follows in the authentication.json file:

      "sessionModule" : {
          "name" : "JWT_SESSION",
          "properties" : {
              "keyAlias" : "&{openidm.https.keystore.cert.alias}",
              "privateKeyPassword" : "&{openidm.keystore.password}",
              "keystoreType" : "&{openidm.keystore.type}",
              "keystoreFile" : "&{openidm.keystore.location}",
              "keystorePassword" : "&",
              "sessionOnly" : true,
              "isHttpOnly" : true,
              "maxTokenLifeMinutes" : "120",
              "tokenIdleTimeMinutes" : "30"
          }
      },

      2. In authentication.json, set tokenIdleTimeMinutes to 1 and save the file
      3. Log in to the OpenIDM UI and continually refresh the page that uses the token

      Expected behavior:
      The token lifespan would last for the entire 120 minutes if the page were continuously refreshed at intervals shorter than 1 minute.

      Actual behavior:
      The token expires after 1 minute (the value of the tokenIdleTimeMinutes) and not the configured 120 minutes.
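The following is an added model of the session semantics this report describes, not OpenIDM's own code. It contrasts a server that reissues the cookie on every request (expected) with a client that only ever holds the login cookie (reported); the names `Token` and `first_rejection` and the 30-second refresh schedule are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Token:
    issued_at: float      # seconds; anchors the hard cap (maxTokenLifeMinutes)
    idle_deadline: float  # seconds; should slide forward on every request


def first_rejection(request_times, idle_min, max_min, reissue_cookie):
    """Return the time in seconds of the first rejected request, or None.

    reissue_cookie=True  -> a refreshed cookie reaches the client on each request
    reissue_cookie=False -> the client keeps the login cookie (behaviour reported)
    """
    idle, max_life = idle_min * 60, max_min * 60
    token = Token(issued_at=0.0, idle_deadline=idle)  # login at t=0
    for t in request_times:
        hard_deadline = token.issued_at + max_life
        if t >= min(token.idle_deadline, hard_deadline):
            return t
        if reissue_cookie:
            # Slide the idle window forward, never past the hard lifetime cap.
            token = Token(token.issued_at, min(t + idle, hard_deadline))
    return None


# Constructed traffic: one page refresh every 30 s for 125 minutes.
REFRESHES = [30.0 * i for i in range(1, 251)]


def demo():
    """Settings from the reproduction: idle timeout 1 min, max lifetime 120 min."""
    expected = first_rejection(REFRESHES, 1, 120, reissue_cookie=True)
    reported = first_rejection(REFRESHES, 1, 120, reissue_cookie=False)
    return expected, reported


if __name__ == "__main__":
    expected, reported = demo()
    print(f"cookie reissued:     rejected at {expected / 60:.0f} min")
    print(f"cookie not reissued: rejected at {reported / 60:.0f} min")
```

The model also keeps the property the idle timeout exists for: with reissue enabled, a gap longer than the idle interval still ends the session.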

              People

              mark.offutt Mark Offutt [X] (Inactive)
              matthias.grabiak Matthias Grabiak
              Jakub Janoska [X] Jakub Janoska [X] (Inactive)