[OPENAM-13940] Session quota limits not applied when using trees Created: 08/Nov/18 Updated: 25/Nov/20 Resolved: 13/Dec/18
|Component/s:||authentication, session, trees|
|Affects Version/s:||184.108.40.206, 6.5.0|
|Fix Version/s:||220.127.116.11, 6.5.1, 7.0.0|
|Reporter:||Simon Moffatt||Assignee:||Kajetan Hemzaczek|
|Labels:||AME, Must-Fix, Tesla|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Attachments:||Image 26-11-2018 at 15.43.jpg|
|Sprint:||2018.16 - Tin|
|Support Ticket IDs:|
|Needs QA verification:||
|Are the reproduction steps defined?:||
Yes and I used the same as in the description
Session quota limits are not applied when authenticating via trees, only via chains/modules.
Details steps outlining how to recreate the issue (remove this text)
Log in via chains/modules.
|Comment by Sam Phua [ 09/Nov/18 ]|
A simple test case to run the REST calls against tree and chains/module
|Comment by Kajetan Hemzaczek [ 26/Nov/18 ]|
getUniversalId can become protected and then the new line:
can be added to the NewSessionCreator.create method.
This is enough to enforce session quota when a new session is created.
When no more sessions can be created the next login fails and a "Session quota exhausted" message appears on the login screen.
This code is executed from SuccessProcessTreeResult, so after the authenticationTree engine successfully authenticated a user. This means that the tree execution is already finished. Also, the Success node cannot have a failure outcome.
|Comment by Filip Kubáň [X] (Inactive) [ 10/Jan/19 ]|
Verified on ForgeRock Access Management 18.104.22.168-RC1 Build d901475564 (2019-January-10 06:24)
message about reaching session limit appears