  1. OpenIDM
  2. OPENIDM-10286

Idle timeout for JWT authentication module is not working

      Description:
      When new requests are made IDM is supposed to return a new JWT session cookie with an updated idle timeout, but the corresponding response cookie session-Jwt is not returned to the client. As a result the session always times out after creation time + idle timeout interval.

      Reproduction:
      1. Per IDM 5.0 Integrator's Guide
      18.1.2.1. Supported Session Module.
      https://backstage.forgerock.com/docs/idm/5/integrators-guide/
      OpenIDM includes one supported session module. The JSON Web Token session module configuration specifies keystore information, and details about the session lifespan. The default JWT_SESSION configuration is as follows in the authentication.json file:

      "sessionModule" : {
          "name" : "JWT_SESSION",
          "properties" : {
              "keyAlias" : "&{openidm.https.keystore.cert.alias}",
              "privateKeyPassword" : "&{openidm.keystore.password}",
              "keystoreType" : "&{openidm.keystore.type}",
              "keystoreFile" : "&{openidm.keystore.location}",
              "keystorePassword" : "&",
              "sessionOnly" : true,
              "isHttpOnly" : true,
              "maxTokenLifeMinutes" : "120",
              "tokenIdleTimeMinutes" : "30"
          }
      },

      2. In authentication.json, set tokenIdleTimeMinutes to 1 and save the file
      3. Login to the OpenIDM UI and continually refresh the page that uses the token

      Expected behavior:
      The token lifespan would last for the entire 120 minutes if the page is continuously refreshed at intervals of less than 1 minute.

      Actual behavior:
      The token expires after 1 minute (the value of the tokenIdleTimeMinutes) and not the configured 120 minutes.
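
      The expected and actual behaviour above, as a small model added here for illustration (it is not code from this issue or from OpenIDM). The class, function and parameter names are assumptions; only the two timeout settings and the missing refreshed cookie come from the report.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    idle_expiry: int  # seconds after login at which the idle timeout hits
    max_expiry: int   # hard cap derived from maxTokenLifeMinutes


class SessionModel:
    """Simplified sliding idle-timeout session (assumed model, not OpenIDM's)."""

    def __init__(self, max_life_min, idle_min, returns_refreshed_cookie):
        self.max_life = max_life_min * 60
        self.idle = idle_min * 60
        # False models the reported defect: no refreshed cookie in responses.
        self.returns_refreshed_cookie = returns_refreshed_cookie

    def login(self, now):
        max_expiry = now + self.max_life
        return Token(min(now + self.idle, max_expiry), max_expiry)

    def request(self, token, now):
        """Validate the presented token; return (accepted, cookie_for_client)."""
        if now >= token.idle_expiry or now >= token.max_expiry:
            return False, None
        # Slide the idle window forward, never past the maximum lifetime.
        refreshed = Token(min(now + self.idle, token.max_expiry), token.max_expiry)
        return True, (refreshed if self.returns_refreshed_cookie else None)


def session_lifetime_seconds(model, refresh_every_s):
    """Seconds from login until the first rejected request."""
    now = 0
    token = model.login(now)
    while True:
        now += refresh_every_s
        accepted, new_cookie = model.request(token, now)
        if not accepted:
            return now
        if new_cookie is not None:
            token = new_cookie  # the client replaces its stored cookie


if __name__ == "__main__":
    # Settings from the reproduction: 120 min max life, 1 min idle timeout,
    # with the page refreshed every 30 seconds (constructed interval).
    print("expected:", session_lifetime_seconds(SessionModel(120, 1, True), 30))
    print("reported:", session_lifetime_seconds(SessionModel(120, 1, False), 30))
```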

              People

              • Assignee:
                mark.offutt Mark Offutt
                Reporter:
                matthias.grabiak Matthias Grabiak
                QA Assignee:
                Jakub Janoska