  1. Identity Gateway
  2. OPENIG-5778

sessionInfo requests can lead to a build up of agent tokens being created

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.0, 7.0.1, 7.0.2, 7.1.0
    • 7.1.1, 7.2.0
    • Toolkit
    • IG being used with the SingleSignOnFilter
    • 2021.10 - IG / Microservices
    • 3

    Description

      As part of the work in OPENIG-3197, the agent token was added to the getSessionInfo request sent to AM so that requesting additional session attributes would not require additional configuration on the AM side (whitelisting).

      The getSessionInfo call uses the HeadlessAuthenticationFilter to inject the agent token, which has the side effect of reacting to 401 responses by generating a new agent token. The 401 response is returned when the user token is not valid, which occurs when the user's session has expired or been logged out in AM.

      Unfortunately, the getSessionInfo endpoint still works when the agent token is expired but the user token is still valid; it just returns a limited set of session properties.

      The process of adding the agent token needs to be maintained, but the mechanism to react to agent token creation/validation needs to be reworked.
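
      The behaviour described above, modelled as an added example (not IG or AM code): ToyAM, ReauthOn401Filter, run_scenario and the property names are hypothetical, and the retry after re-authentication is an assumption of the model. It shows that each 401 caused by an expired user session mints another agent token, while a genuinely expired agent token yields a 200 with limited properties and triggers no refresh.

```python
# Toy model of the reported behaviour. ToyAM and ReauthOn401Filter are
# hypothetical stand-ins, not IG/AM classes; tokens and properties are constructed.
import itertools

class ToyAM:
    def __init__(self):
        self._ids = itertools.count(1)
        self.valid_agent = set()
        self.valid_user = set()
        self.agent_tokens_issued = 0

    def authenticate_agent(self):
        token = f"agent-{next(self._ids)}"
        self.valid_agent.add(token)
        self.agent_tokens_issued += 1
        return token

    def get_session_info(self, user_token, agent_token):
        if user_token not in self.valid_user:
            return 401, None                           # user session expired/logged out
        if agent_token in self.valid_agent:
            return 200, {"uid", "realm", "extraAttr"}  # full property set
        return 200, {"uid", "realm"}                   # limited set, but still a 200

class ReauthOn401Filter:
    """Injects the agent token and treats any 401 as 'agent token is stale'."""
    def __init__(self, am):
        self.am = am
        self.agent_token = am.authenticate_agent()

    def session_info(self, user_token):
        status, props = self.am.get_session_info(user_token, self.agent_token)
        if status == 401:
            # The 401 was about the user token, yet a new agent token is created.
            self.agent_token = self.am.authenticate_agent()
            # Retry is an assumption of this model.
            status, props = self.am.get_session_info(user_token, self.agent_token)
        return status, props

def run_scenario(expired_user_requests):
    am = ToyAM()
    am.valid_user.add("user-ok")
    flt = ReauthOn401Filter(am)
    for i in range(expired_user_requests):
        flt.session_info(f"user-expired-{i}")   # each call issues one more agent token
    build_up = am.agent_tokens_issued
    am.valid_agent.clear()                      # now every agent token has expired
    status, props = flt.session_info("user-ok") # 200, limited props, no refresh
    return build_up, status, props, am.agent_tokens_issued
```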

            People

              markdr Mark de Reeper