Project

General

Profile

Actions
Copy link

Defect #610

closed

IdM randomly log out users

Added by Marcel Poul over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jan Helbich
Category:
Authentication / Authorization
Target version:
Citrine (7.3.0)
Start date:
07/27/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

When in GUI I am sometimes logged out. The behaviour seems to be pretty random. It should increase session intervals if the user is working in IdM.

Related issues

Related to IdStory Identity Manager - Defect #521: Logout after role assignmentClosedJan Helbich06/20/2017

Actions
Related to IdStory Identity Manager - Task #646: Random logout continuesClosedJan Helbich08/10/2017

Actions
Actions
Copy link
 #2

Updated by Radek Tomiška over 7 years ago

  • Related to Defect #521: Logout after role assignment added
Actions
Copy link
 #3

Updated by Jan Helbich over 7 years ago

  • Status changed from New to Needs feedback
  • Assignee changed from Jan Helbich to Radek Tomiška

I've found out that role (de)assignment processors did not check authority hierarchy. Example situation:
1. I'm APP_ADMIN
2. role with ROLE_AUTOCOMPLETE is added to me
3. my session is invalidated

I've fixed this case and added supportive test cases for both addition and role removal. Commit fe564b793983a1305ab285102c1d1ac4e5952d24.
Radek, can you do review, please?

Actions
Copy link
 #4

Updated by Jan Helbich over 7 years ago

Should also fix #521.

Actions
Copy link
 #5

Updated by Radek Tomiška over 7 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Radek Tomiška to Jan Helbich
  • % Done changed from 0 to 100

It works and code looks nice, thx!

Actions
Copy link
 #6

Updated by Radek Tomiška over 7 years ago

  • Status changed from Closed to In Progress
  • % Done changed from 100 to 70

I'm sorry, i tested it wrong - i tried to assign new roles to identity with some permission - it works. But if i change role's permission, then i'm still logged out -> admin with APP_ADMIN - add ROLE_READ permission to any assigned role.

Could you pls look at it?

Actions
Copy link
 #7

Updated by Jan Helbich over 7 years ago

Radek Tomiška wrote:

I'm sorry, i tested it wrong - i tried to assign new roles to identity with some permission - it works. But if i change role's permission, then i'm still logged out -> admin with APP_ADMIN - add ROLE_READ permission to any assigned role.

Could you pls look at it?

That was originally the desired behavior - checking all user's privileges would consume so much time so we settled with logging out all users in the updated role.

Actions
Copy link
 #8

Updated by Radek Tomiška over 7 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 70 to 100

I'm sorry, ok, i'm closing this ticket. We can improve this mechanism in future (but is different story:)).

Actions
Copy link
 #9

Updated by Jan Helbich over 7 years ago

  • Related to Task #646: Random logout continues added
Actions
Copy link

Also available in: Atom PDF