  1. OpenIDM
  2. OPENIDM-10312

Idle timeout for jwt authentication module is not working

    Details

    • Type: IDM Patch request
    • Status: Closed
    • Priority: Major
    • Resolution: Incomplete
    • Affects Version/s: OpenIDM 5.0.0, OpenIDM 6.0.0
    • Fix Version/s: None
    • Labels:
      None

      Description

      Description:
      When new requests are made IDM is supposed to return a new JWT session cookie with an updated idle timeout, but the corresponding response cookie session-Jwt is not returned to the client. As a result the session always times out after creation time + idle timeout interval.

      Reproduction:
      1. Per IDM 5.0 Integrator's Guide
      18.1.2.1. Supported Session Module.
      https://backstage.forgerock.com/docs/idm/5/integrators-guide/
      OpenIDM includes one supported session module. The JSON Web Token session module configuration specifies keystore information, and details about the session lifespan. The default JWT_SESSION configuration is as follows in the authentication.json file:

      "sessionModule" : {
          "name" : "JWT_SESSION",
          "properties" : {
              "keyAlias" : "&{openidm.https.keystore.cert.alias}",
              "privateKeyPassword" : "&{openidm.keystore.password}",
              "keystoreType" : "&{openidm.keystore.type}",
              "keystoreFile" : "&{openidm.keystore.location}",
              "keystorePassword" : "&{openidm.keystore.password}",
              "sessionOnly" : true,
              "isHttpOnly" : true,
              "maxTokenLifeMinutes" : "120",
              "tokenIdleTimeMinutes" : "30"
          }
      },

      2. In authentication.json, set tokenIdleTimeMinutes to 1 and save the file
      3. Login to the OpenIDM UI and continually refresh the page that uses the token

      Expected behavior:
      The token lifespan would last for the entire 120 minutes if the page was continuously being refreshed even before 1 minute intervals.

      Actual behavior:
      The token expires after 1 minute (the value of the tokenIdleTimeMinutes) and not the configured 120 minutes.
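
      The difference between the expected and actual behavior can be modelled in a few lines. This is an added example, not part of the original report and not OpenIDM code: an HMAC-signed token stands in for the JWT session cookie, and the claim names `iat` and `idle_exp`, the demo key and the helper names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; IDM signs with a keystore key instead
MAX_LIFE = 120 * 60             # maxTokenLifeMinutes, in seconds
IDLE = 1 * 60                   # tokenIdleTimeMinutes, in seconds (reproduction step 2)

def issue(created, now):
    """Sign a token whose idle deadline runs from `now`, capped by the max lifetime."""
    claims = {"iat": created, "idle_exp": min(now + IDLE, created + MAX_LIFE)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def validate(token, now):
    """Return the claims if the signature verifies and the idle deadline has not passed."""
    body, _, sig = token.partition(b".")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, good):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if now < claims["idle_exp"] else None

def handle(cookie, now, reissue):
    """One request: 401 on an invalid cookie, else 200 plus a fresh cookie if `reissue`."""
    claims = validate(cookie, now)
    if claims is None:
        return 401, None
    # Expected behavior: every authenticated response carries a re-signed cookie
    # with the idle deadline pushed forward. The reported behavior omits it.
    return 200, (issue(claims["iat"], now) if reissue else None)

def session_length(reissue, step=30):
    """Client refreshes every `step` seconds; return the time of the first 401."""
    cookie, now = issue(0, 0), 0
    while True:
        now += step
        status, new_cookie = handle(cookie, now, reissue)
        if status == 401:
            return now
        if new_cookie is not None:   # client keeps the Set-Cookie value when one is sent
            cookie = new_cookie

if __name__ == "__main__":
    print("cookie reissued:    ", session_length(True), "s")
    print("cookie not reissued:", session_length(False), "s")
```

      With the cookie reissued, a client refreshing every 30 seconds stays logged in until the 120-minute cap; without it, the same client is rejected at creation time plus the idle timeout.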

            People

            • Assignee:
              mark.offutt Mark Offutt [X] (Inactive)
              Reporter:
              jeremy.barras Jeremy Barras [X] (Inactive)