1340446 – 'Terminate Session' does not work

Bug 1340446 - 'Terminate Session' does not work

Summary: 'Terminate Session' does not work

Keywords:
Status:	CLOSED DUPLICATE of bug 1340471
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	AAA
Sub Component:
Version:	4.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-4.0.0-rc
Target Release:	---
Assignee:	Ravi Nori
QA Contact:	Petr Matyáš
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-27 12:21 UTC by Jiri Belka
Modified:	2016-05-31 18:28 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-31 18:28:47 UTC
oVirt Team:	Infra
Dependent Products:
Flags:	oourfali: ovirt-4.0.0? rule-engine: blocker? rule-engine: planning_ack? rule-engine: devel_ack? pnovotny: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1340471	0	unspecified	CLOSED	Automatic logout does not terminate user session	2021-02-22 00:41:40 UTC

Internal Links: 1340471

Description Jiri Belka 2016-05-27 12:21:52 UTC

Description of problem:

While having another user except of admin@internal logged-in into engine (admin@internal into Webadmin, a domain user into User Portal), 'Terminate Session' action of the domain user does not causes the user to be logged-off. The domain user's session reappears in the session list in a while as well.

Version-Release number of selected component (if applicable):
ovirt-engine-backend-4.0.0-0.7.master.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. login into Webadmin as admin@internal
2. login to User Portal as a domain user of a "registered" domain (another browser)
3. check 'Active User Sessions' in Webadmin
4. 'Terminate Session' of the domain user (confirm)
5. observe what happens

Actual results:
the domain user is not logged-off from his own browser session
the domain user's session reappears again in the sessions list

Expected results:
the domain user should be forcibly logged-off
the domain user's session should not be present in the sessions list after the action

Additional info:
pnovotny@ said it works ok in 3.6.x

Comment 2 Jiri Belka 2016-05-27 12:25:34 UTC

Not sure if really relevant:

~~~
2016-05-27 12:16:29,490 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-3) [63187b2b] Running command: CreateUserSessionCommand(Email = null, GroupIds = [], PrincipalName = ad-w2k8r2.com, AdminRequired = false, ProfileName = ad-w2k8r2.example.com, PrincipalId = KqAXTzGX9UaxSaIuawL4ug==, SsoToken = kaID0aHwCx1JlwIbPjCNtHvdpnf9hrSiJ3TTz_nYIcGm6tAbqaGQxAs0VEx7zoROAzQoevTKag2nIJfMfiDr4Q, SourceIp = 10.34.130.216) internal: false.

# grep 'TerminateSessionForTokenCommand' /var/log/ovirt-engine/engine.log | tail -n1
#
~~~

Comment 3 Red Hat Bugzilla Rules Engine 2016-05-30 13:21:53 UTC

This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 4 Ravi Nori 2016-05-31 18:28:47 UTC


*** This bug has been marked as a duplicate of bug 1340471 ***

Note You need to log in before you can comment on or make changes to this bug.