Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-2985

Provide clear-on-reconnect (dis)connection strategy

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Resolved
    • Priority: Critical
    • Resolution: Won't Do
    • Affects Version/s: Not Applicable
    • Fix Version/s: Not Applicable
    • Component/s: OpenAM
    • Labels:
      None

      Description

      As a route deployer, I want to continue to use cached values while being disconnected from AM, in order to provide a degraded mode where known clients (using entries from the cache) can still function properly. Note that this introduce a risk window where IG can grant access to resources while the presented token may have been revoked on AM (or the policy may have changed on AM).

      Acceptance criteria

      • New value in the strategy selector for both SSO and PEF
      • When disconnected, SSO/CDSSO/PEF continue to return responses in accordance with the cache content
      • Cache is cleared once reconnected in order to force refresh of entries
      • If a token is revoked, or a policy changed while disconnected, IG continue to respond as if the token was still valid
      • Entries expires accordingly to their natural timeout value (so tokens that are to be expired while we're disconnected are naturally removed from the cache)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              laurent.vaills Laurent Vaills
              Reporter:
              guillaume.sauthier Guillaume Sauthier
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: