Reputation: 31
I have wso2is 5+SP1 setup to persist sessions per https://docs.wso2.com/display/IS500/Enabling+Authentication+Session+Persistence
However, users that have not selected 'Remember Me' will be forced to re-authenticate by wso2is after 15 minutes. These users have their commonAuthId cookie set w/ no expiration time (end of browsing session). Users that have selected 'Remember Me' will get their commonAuthId cookie set with the configured 24 hour expiration time and won't be prompted for re-authorization after 15 minutes.
In both scenarios it appears that session serialization / caching is working correctly, since both commonAuthId values will be stored in the IDN_AUTH_SESSION_STORE table of the backing database.
For the non-RememberMe, the log looks like this:
[2015-07-17 08:16:00,257] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - retrieving authentication request from cache.. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Initializing the flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Framework contextId: 07084e16-7dd9-4726-bf9c-a9a42b06dfe1 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Starting an authentication flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,259] DEBUG {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl} - Loading Basic Application Data of default {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2015-07-17 08:16:00,260] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - commonAuthId cookie is available with the value: 4536ad78-26f5-44cb-97bb-080dfc319d13 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,260] DEBUG {org.wso2.carbon.caching.impl.CacheImpl} - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2015-07-17 08:16:00,285] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Failed to find the SessionContext from the cache. Possible cache timeout. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
That last line is the failure of
SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(cookie.getValue());
in DefaultRequestCoordinator. I'm just not sure why it returns null for non-RememberMe users. In contrast, here's the log from a RememberMe user:
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - retrieving authentication request from cache.. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Initializing the flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Framework contextId: a6bb7032-e089-4e8f-8ca4-c2f790a767f4 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Starting an authentication flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - commonAuthId cookie is available with the value: c2b28178-ddcb-4156-b258-4e0fb5ffcdb8 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Service Provider is: default {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - A previously authenticated sequence found for the SP: default {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Already authenticated by username: dillon {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
Here are the relevant sections of our identity.xml and web.xml that have the timeouts set. Our datastore is an Oracle db.
identity.xml:
<SessionDataPersist>
    <PoolSize>0</PoolSize>
    <Enable>true</Enable>
    <RememberMePeriod>1440</RememberMePeriod>
    <CleanUp>
        <Enable>true</Enable>
        <Period>30</Period>
        <TimeOut>720</TimeOut>
    </CleanUp>
    <Temporary>false</Temporary>
</SessionDataPersist>
...
<SessionContextCache>
    <Enable>true</Enable>
    <Capacity>100000</Capacity>
</SessionContextCache>
web.xml:
<session-config>
    <session-timeout>720</session-timeout>
</session-config>
Upvotes: 3
Views: 692
Reputation: 106
In WSO2 IS, you can set the SSO session cookie timeout value in the /repository/conf/identity/identity.xml file. You can find the config below.
<TimeConfig>
    <SessionIdleTimeout>15</SessionIdleTimeout>
................
Upvotes: 1
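A small lint that ties the answer's TimeConfig block to the question's SessionDataPersist and web.xml fragments, added here as an example (not WSO2 code). It assumes all values are in minutes (the question reads RememberMePeriod 1440 as 24 hours) and that TimeConfig and SessionDataPersist sit side by side under the identity.xml root; the "purged early" finding is an interpretation of CleanUp/TimeOut, not something the thread confirms.

```python
"""Parse the WSO2 IS session-timeout settings from the thread and explain them."""
import xml.etree.ElementTree as ET

# Constructed from the fragments posted in the question and the answer.
IDENTITY_XML = """<Server>
  <TimeConfig>
    <SessionIdleTimeout>15</SessionIdleTimeout>
  </TimeConfig>
  <SessionDataPersist>
    <Enable>true</Enable>
    <RememberMePeriod>1440</RememberMePeriod>
    <CleanUp><Enable>true</Enable><Period>30</Period><TimeOut>720</TimeOut></CleanUp>
  </SessionDataPersist>
</Server>"""
WEB_XML = """<web-app><session-config>
  <session-timeout>720</session-timeout>
</session-config></web-app>"""


def _minutes(root, path):
    """Integer text of the element at `path`, or None if the element is absent."""
    node = root.find(path)
    return int(node.text.strip()) if node is not None and node.text else None


def session_lifetimes(identity_xml=IDENTITY_XML, web_xml=WEB_XML):
    """Collect every timeout (assumed to be minutes) that governs an SSO session."""
    idn = ET.fromstring(identity_xml)
    web = ET.fromstring(web_xml)
    return {
        "non_remember_me": _minutes(idn, "TimeConfig/SessionIdleTimeout"),
        "remember_me": _minutes(idn, "SessionDataPersist/RememberMePeriod"),
        "cleanup_timeout": _minutes(idn, "SessionDataPersist/CleanUp/TimeOut"),
        "servlet_session": _minutes(web, "session-config/session-timeout"),
    }


def findings(lifetimes):
    """Turn the parsed values into operator-facing statements; empty if nothing is set."""
    out = []
    idle, rm, clean = (lifetimes[k] for k in ("non_remember_me", "remember_me", "cleanup_timeout"))
    if idle is not None:
        # Matches the symptom in the question: re-authentication after 15 minutes.
        out.append(f"SessionIdleTimeout={idle}: non-RememberMe users re-authenticate after {idle} min")
    if rm is not None and clean is not None and clean < rm:
        # Assumption: CleanUp/TimeOut bounds how long persisted session rows survive.
        out.append(f"CleanUp/TimeOut={clean} < RememberMePeriod={rm}: persisted RememberMe data may be purged early")
    return out
```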