Red Hat Bugzilla – Bug 1256518
database cleanup/expire procedure
Last modified: 2015-11-19 05:50:57 EST
This bug is created as a clone of upstream ticket:
Currently only the saml2 session database has a background task for cleanup. A generic mechanism is needed to clean up/expire old entries across any database.
The default should be to do nothing as some (e.g. config) don't need cleanup.
This has been fixed upstream in the following commits:
*** Bug 1265261 has been marked as a duplicate of this bug. ***
Per bug 1265261, things are broken in ipsilon-1.0.0-10 so this bugzilla should likely be in ASSIGNED, for fix in the backport.
I installed IPA Server and 2 clients. 1 IPA client set up as IDP server and the other set up as SP.
Create a user and log in to a third IPA client workstation with X. Configure Firefox for Kerberos for the IPA domain.
Set up IDP debug logging:
debug = True
tools.log_request_response.on = True
db.conn.log = True
log.screen = True
Then connect via GSSAPI from workstation as user to SP. Check logs on IDP for scheduled cleanups:
[Wed Oct 14 11:09:53.937544 2015] [:error] [pid 11211] [14/Oct/2015:11:09:53] ENGINE Started monitor thread 'Session cleanup'.
[Wed Oct 14 11:09:53.942111 2015] [:error] [pid 11211] [14/Oct/2015:11:09:53] DEBUG(ipsilon/util/data.py:317 TranStore._schedule_cleanup()): Scheduling cleanups for TranStore
[Wed Oct 14 11:10:53.971045 2015] [:error] [pid 11211] [14/Oct/2015:11:10:53] DEBUG(ipsilon/util/data.py:345 SAML2SessionStore._maybe_run_cleanup()): Cleaned up 0 entries for SAML2SessionStore
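The requirement from the bug description (a generic cleanup hook whose default is to do nothing, with stores opting in to expiry), as an added Python example that is not Ipsilon's code and not part of this bug report. The Store, ConfigStore and SessionStore classes, the table layout, the 60-second interval and the sample rows are assumptions made for illustration.

```python
import sqlite3

class Store:
    """Hypothetical base store; cleanup is opt-in per subclass."""
    table = None           # fixed per-class table name, never user input
    cleanup_interval = 60  # assumed minimum seconds between cleanup runs

    def __init__(self, conn):
        self.conn, self.last_cleanup = conn, None
        conn.execute("CREATE TABLE %s (id TEXT PRIMARY KEY, expires REAL)" % self.table)

    def put(self, key, expires=None):
        self.conn.execute("INSERT INTO %s VALUES (?, ?)" % self.table, (key, expires))

    def count(self):
        return self.conn.execute("SELECT COUNT(*) FROM %s" % self.table).fetchone()[0]

    def _cleanup(self, now):
        return 0  # default: do nothing, so stores such as config are never pruned

    def maybe_run_cleanup(self, now):
        """Run _cleanup at most once per interval; return rows removed, None if skipped."""
        if self.last_cleanup is not None and now - self.last_cleanup < self.cleanup_interval:
            return None
        self.last_cleanup = now
        removed = self._cleanup(now)
        self.conn.commit()
        return removed

class ConfigStore(Store):
    table = "config"  # inherits the no-op cleanup

class SessionStore(Store):
    table = "sessions"
    def _cleanup(self, now):
        # Opt in: delete every row whose expiry time has passed.
        cur = self.conn.execute(
            "DELETE FROM sessions WHERE expires IS NOT NULL AND expires <= ?", (now,))
        return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample data below
    cfg, sess = ConfigStore(conn), SessionStore(conn)
    cfg.put("idp_name")
    sess.put("s1", expires=100.0)
    sess.put("s2", expires=500.0)
    first = (cfg.maybe_run_cleanup(200.0), sess.maybe_run_cleanup(200.0))
    skipped = sess.maybe_run_cleanup(210.0)  # inside the interval, so no run
    return first, skipped, sess.maybe_run_cleanup(600.0), cfg.count(), sess.count()
```

Calling demo() runs one cleanup pass over both stores, a second call inside the interval that is skipped, and a later pass that removes the remaining expired session while the config row is left in place.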
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.