Bug 1377422

Summary: Engine should not invoke revoke all on session expiration
Product: [oVirt] ovirt-engine Reporter: Ravi Nori <rnori>
Component: AAAAssignee: Ravi Nori <rnori>
Status: CLOSED CURRENTRELEASE QA Contact: Gonza <grafuls>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: bugs, mgoldboi, mperina, pstehlik
Target Milestone: ovirt-4.0.5Flags: rule-engine: ovirt-4.0.z+
mgoldboi: planning_ack+
mperina: devel_ack+
pstehlik: testing_ack+
Target Release: 4.0.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-18 07:37:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ravi Nori 2016-09-19 15:57:40 UTC 
Description of problem: Session expiration raises an exception in the logs

ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-15) [] OAuthException invalid_scope: The requested scope '[ovirt-ext=revoke:revoke-all]' is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.


Version-Release number of selected component (if applicable): 4.0


How reproducible:


Steps to Reproduce:
1. Login to webadmin
2. Wait for session expiration

Actual results: invalid_scope exception in logs


Expected results: no exception in logs


Additional info:

On session expiration SessionDataContainer should not invoke revoke-all for the token. If there are no other sessions for the token SSO will cleanup the session on revoke.
Comment 1 Gonza 2016-10-13 07:15:01 UTC 
Verified with:
rhevm-4.0.5-0.1.el7ev.noarch

only logs found:
2016-10-13 10:10:12,109 INFO  [org.ovirt.engine.core.sso.servlets.OAuthRevokeServlet] (default task-57) [] User admin@internal successfully logged out
2016-10-13 10:10:12,157 INFO  [org.ovirt.engine.core.bll.aaa.TerminateSessionsForTokenCommand] (default task-59) [13582321] Running command: TerminateSessionsForTokenCommand internal: true.