Bug 1459987

New commit detected on ManageIQ/manageiq/fine:
https://github.com/ManageIQ/manageiq/commit/e201995ab0a9e6df7837866ad43e6b7557d6c003

commit e201995ab0a9e6df7837866ad43e6b7557d6c003
Author:     Alberto Bellotti <abellotti.github.com>
AuthorDate: Thu May 18 21:12:43 2017 -0400
Commit:     Satoe Imaishi <simaishi>
CommitDate: Thu Jun 8 14:26:53 2017 -0400

    Merge pull request #15124 from imtayadeway/api/token-manager-token-ttl
    
    Make TokenManager#token_ttl callable (evaluated at call time)
    (cherry picked from commit e35b6c20838e9d63fc6ab8c90ad94a4e8210a4a3)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1459987

 lib/services/api/user_token_service.rb |  4 ++--
 lib/token_manager.rb                   | 20 ++++++++++++--------
 spec/lib/token_manager_spec.rb         | 24 ++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 spec/lib/token_manager_spec.rb

Tested on MIQLDAP (AD, FreeIPA, OpenLDAP) External Auth (AD, FreeIPA).  SSUI didn't seem to time out. Set timeout for 5 mins, waited 6-7 mins each time. Classic UI timed out, but SSUI never did.

Setting this back to ON_DEV as it doesn't seem to work.

Matt,

From what I understand the SSUI polls the backend every 5 minutes for any updates. So in theory, it could take in the worst case 10 minutes for your session to timeout immediately after changing.

This bug is really concerned with the core of the application - if you believe there to be an issue still with one of the consumers or the API we should probably open a separate issue for that.

This timeout worked fine when I verified the original bug. https://bugzilla.redhat.com/show_bug.cgi?id=1443166  Now maybe I got lucky verifying it?  But as I understood things, I thought we had a fix for SSUI polling every 5 mins.

Matt, 

That BZ was concerned with the SSUI erroneously refreshing the token (and hence extending the ttl) on every request.

It seems that you have already verified this works independently of the SSUI. If you have an issue with the SSUI can you either open a new ticket for that, or reassign to someone from the SSUI team?

SUI polls every 5 minutes but all polling has been excluded from causing the SUI session to stay alive.  If things aren't working then we would need the API team to help instruct our testing team on what to look for in the logs that indicate the session timeout changed without having to manually reboot the manageiq server process.  If testing says that everything looks like it should in logs etc, then the SUI team can help testing look again at this issue.

Per Chris Kacerguis Open regression bug due to SSUI not timing out https://bugzilla.redhat.com/show_bug.cgi?id=1468000.  Hold on QA, till he has time to sort things out with SSUI and API teams.

https://github.com/ManageIQ/manageiq/pull/15734

Verified 5.8.2.0 due the the SSUI timeout session bug. But I'd really like to be able to verify this via the logs, seeing something logged, or some way to tell via the system.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3005

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days