Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2589

Elytron SSO does not expire other application sessions for session invalidation like Undertow SSO promptly following sessionid change

XMLWordPrintable

      Previously using Undertow SSO as shown here, all sessions associated with an SSO id would be invalidated when one session associated with it is manually invalidated.

      This is quite different with Elytron SSO. It is trying to make a call back to attempt a logout of other participant sessions, but that does not work if that call back URI happens to be protected. For instance, this trace shows a logout call back being attempted but being given the FORM login page response:

      2023-09-05 13:39:39,871 DEBUG [io.undertow.request] (default I/O-4) Matched prefix path /app2 for path /app2/session.jsp
      2023-09-05 13:39:39,872 TRACE [io.undertow.server.handlers.resource.PathResourceManager] (default I/O-4) Found path resource session.jsp from path resource manager with base /home/aogburn/code/03598968/wildfly-29.0.1.Final/standalone/deployments/ssotest.ear/app2.war/
      2023-09-05 13:39:39,872 TRACE [org.wildfly.security.http.servlet] (default task-2) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /app2
      2023-09-05 13:39:39,872 DEBUG [io.undertow.request.security] (default task-2) Security constraints for request /app2/session.jsp are [SingleConstraintMatch{emptyRoleSemantic=PERMIT, requiredRoles=[user]}]
      2023-09-05 13:39:39,873 DEBUG [io.undertow.request.security] (default task-2) Authenticating required for request HttpServerExchange{ POST /app2/session.jsp}
      2023-09-05 13:39:39,873 DEBUG [io.undertow.request.security] (default task-2) Setting authentication required for exchange HttpServerExchange{ POST /app2/session.jsp}
      2023-09-05 13:39:39,873 TRACE [org.wildfly.security.http.servlet] (default task-2) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /app2
      2023-09-05 13:39:39,873 TRACE [org.wildfly.security.http.servlet] (default task-2) JASPIC Unavailable, using HTTP authentication.
      2023-09-05 13:39:39,873 TRACE [org.wildfly.security] (default task-2) No CachedIdentity to restore.
      2023-09-05 13:39:39,873 TRACE [org.wildfly.security] (default task-2) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4911d3ee] for mechanism [FORM]
      2023-09-05 13:39:39,873 TRACE [io.undertow.request] (default task-2) Created form encoded parser for HttpServerExchange{ POST /app2/session.jsp}
      2023-09-05 13:39:39,876 TRACE [org.wildfly.security] (default task-2) Handling SocketAddressCallback
      2023-09-05 13:39:39,878 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
      2023-09-05 13:39:39,878 TRACE [org.wildfly.security.http.form] (default task-2) Trying to re-authenticate. There is no session attached to the following request. Request URI: [http://localhost:8080/app2/session.jsp], Context path: [/app2]
      2023-09-05 13:39:39,883 TRACE [org.wildfly.security] (default task-2) Handling CachedIdentityAuthorizeCallback: principal = null  authorizedIdentity = null
      2023-09-05 13:39:39,887 TRACE [io.undertow.session] (default task-2) Setting session cookie session id RSl5cd8acyAlWt0ctW16ZadKbxc1nqPQs_4WuzRr.aogburn on HttpServerExchange{ POST /app2/session.jsp}
      2023-09-05 13:39:39,888 TRACE [io.undertow.server.handlers.resource.PathResourceManager] (default task-2) Found path resource login.html from path resource manager with base /home/aogburn/code/03598968/wildfly-29.0.1.Final/standalone/deployments/ssotest.ear/app2.war/
      2023-09-05 13:39:39,891 TRACE [io.undertow.server.HttpServerExchange] (default task-2) Starting to write response for HttpServerExchange{ POST /app2/login.html}
      2023-09-05 13:39:39,901 DEBUG [org.wildfly.security] (default task-1) Destroying SSO [5aaZDwrjfhHkHzSjQrtxpf91NDx5rOzH8Gcb92Yf]. Participant list not empty.
      

              fjuma1@redhat.com Farah Juma
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: