[OPENAM-10603] Login page error "Maximum sessions limit reached or session quota has exhausted" with restricted tokens and session quotas Created: 12/Feb/17  Updated: 07/May/18  Resolved: 21/Feb/18

Status: Resolved
Project: OpenAM
Component/s: authentication, cdsso, j2ee agents
Affects Version/s: 13.5.0
Fix Version/s: 13.5.2

Type: Bug Priority: Major
Reporter: Andrew Dunn [X] (Inactive) Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

AM 13.5.0
J2EE Agent 3.5.1


Issue Links:
Duplicate
duplicates OPENAM-10332 Quota constraints exceeded - Interim Fix Resolved
Relates
is related to OPENAM-10513 Restricted tokens fails randomly and ... Closed
Sprint: AM Sustaining Sprint 48
Story Points: 5
Needs backport:
No
Support Ticket IDs:
Needs QA verification:
No
Functional tests:
No
Are the reproduction steps defined?:
Yes and I used the same an in the description

 Description   

With restricted tokens and session quotas enabled, upon hitting their quota a user will see an error page at login:

Maximum sessions limit reached or session quota has exhausted.
Contact your system administrator."

To reproduce:
1. Setup as per OPENAM-10513
2. Enable session quota with DESTROY_NEXT_EXPIRING
3. Reach the quota.

Session debug:

amSession:02/12/2017 08:25:55:063 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
Local destroy for AQIC5wM2LY4SfczEq1ZPwN4lfF-E18JGRB8wbrzqZHbbvQU.*AAJTSQACMDIAAlNLABQtMzA5MzE3NDk0NTc3NDYyMzgzMAACUzEAAjAx*
amSession:02/12/2017 08:25:55:063 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
Failed to destroy the next expiring session.
com.iplanet.dpro.session.SessionException: java.lang.NullPointerException
        at com.iplanet.dpro.session.Session.destroySession(Session.java:799)
        at org.forgerock.openam.session.service.DestroyNextExpiringAction.action(DestroyNextExpiringAction.java:73)
        at com.iplanet.dpro.session.service.SessionConstraint.checkQuotaAndPerformAction(SessionConstraint.java:178)
        at com.iplanet.dpro.session.service.InternalSession.activate(InternalSession.java:1132)
        at com.iplanet.dpro.session.service.InternalSession.activate(InternalSession.java:1105)
        at com.sun.identity.authentication.service.DefaultSessionActivator.activateSession(DefaultSessionActivator.java:127)
        at com.sun.identity.authentication.service.DefaultSessionActivator.updateSessions(DefaultSessionActivator.java:107)
        at com.sun.identity.authentication.service.DefaultSessionActivator.activateSession(DefaultSessionActivator.java:69)
        at com.sun.identity.authentication.service.LoginState.activateSession(LoginState.java:1146)
        at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:636)
        at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:617)
        at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1370)
        at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:856)
        at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)
        at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
        at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
        at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:131)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
        at java.util.concurrent.ConcurrentHashMap.hash(ConcurrentHashMap.java:333)
        at java.util.concurrent.ConcurrentHashMap.remove(ConcurrentHashMap.java:1175)
        at org.forgerock.openam.utils.SingleValueMapper.remove(SingleValueMapper.java:96)
        at com.iplanet.dpro.session.service.InternalSessionCache.remove(InternalSessionCache.java:120)
        at com.iplanet.dpro.session.service.SessionService.removeInternalSession(SessionService.java:466)
        at com.iplanet.dpro.session.service.SessionService.destroyInternalSession(SessionService.java:774)
        at com.iplanet.dpro.session.service.SessionService.destroySession(SessionService.java:920)
        at com.iplanet.dpro.session.operations.strategies.LocalOperations.destroy(LocalOperations.java:99)
        at com.iplanet.dpro.session.monitoring.MonitoredOperations.destroy(MonitoredOperations.java:79)
        at com.iplanet.dpro.session.Session.destroySession(Session.java:797)
        ... 50 more

amSession:02/12/2017 08:25:55:064 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
SessionConstraint.checkQuotaAndPerformAction: Session quota exhausted.
amSession:02/12/2017 08:25:55:064 PM GMT: Thread[http-bio-8080-exec-4,5,main]: TransactionId[9160ad1f-174f-41e5-92ad-ee79fee2de2b-494]
Session Quota exhausted!

Note: not reproducible with 11.0.3 and J2EE 3.5.1



 Comments   
Comment by Andrew Dunn [X] (Inactive) [ 01/Mar/17 ]

Not reproducible with 14.0.0-M20 and J2EE 3.5.1

Generated at Sat Oct 24 00:46:55 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.