Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-2332

ElytronSessionTokenStore#logoutHttpSessions() does not work as expected due to UNDERTOW-2159

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • RH-SSO-7.6.1
    • Adapters - JBoss EAP
    • None
    • False
    • None
    • False
    • Hide

      Do backchannel logout with RH-SSO 7.6.1 and EAP 7.4.8 with EAP adapter.

      Show
      Do backchannel logout with RH-SSO 7.6.1 and EAP 7.4.8 with EAP adapter.

      ElytronSessionTokenStore#logoutHttpSessions() passes null for the first argument of InMemorySessionManager.getSession() at the line 226.

      rh-sso-7.6.1.GA-src/org.keycloak-keycloak-parent-18.x/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/ElytronSessionTokenStore.java:

       218   │     @Override
 219   │     public void logoutHttpSessions(List<String> ids) {
 220   │         HttpServerExchange exchange = ProtectedHttpServerExchange.class.cast(httpFacade.getScope(Scope.EXCHANGE).getAttachment(UNDERTOW_EXCHANGE)).getExchange();
 221   │         ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
 222   │         SessionManager sessionManager = servletRequestContext.getDeployment().getSessionManager();
 223   │ 
 224   │         for (String id : ids) {
 225   │             // TODO: Workaround for WFLY-3345. Remove this once we fix KEYCLOAK-733. Same applies to legacy wildfly adapter.
 226   │             Session session = sessionManager.getSession(null, new SessionConfig() {

      InMemorySessionManager.getSession() always returns null when the 1st arg is null.
      Therefore, backchannel logout does not work.

      This issue is observed in EAP 7.4.8 and not observed in EAP 7.4.6.
      There are differences of the 2 lines added for UNDERTOW-2159:

      --- 746/src/undertow-core-2.2.18.SP2-redhat-00001-sources.jar/io/undertow/server/session/InMemorySessionManager.java    2022-09-08 10:26:36.726793184 +0900
+++ 748/src/undertow-core-2.2.20.SP1-redhat-00001-sources.jar/io/undertow/server/session/InMemorySessionManager.java    2023-01-16 13:27:22.308742100 +0900
@@ -225,14 +225,16 @@
     @Override
     public Session getSession(final HttpServerExchange serverExchange, final SessionConfig config) {
         if (serverExchange != null) {
             SessionImpl newSession = serverExchange.getAttachment(NEW_SESSION);
             if(newSession != null) {
                 return newSession;
             }
+        } else {
+            return null;
         }
         String sessionId = config.findSessionId(serverExchange);
         InMemorySessionManager.SessionImpl session = (SessionImpl) getSession(sessionId);
         if(session != null && serverExchange != null) {
             session.requestStarted(serverExchange);
         }
         return session;

      References:
      https://issues.redhat.com/browse/UNDERTOW-2159
      https://github.com/undertow-io/undertow/pull/1373

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: