1340471 – Automatic logout does not terminate user session

Bug 1340471 - Automatic logout does not terminate user session

Summary: Automatic logout does not terminate user session

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	AAA
Sub Component:
Version:	4.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-4.0.0-rc
Target Release:	4.0.0
Assignee:	Ravi Nori
QA Contact:	Pavel Novotny
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1340446 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-27 13:33 UTC by Pavel Novotny
Modified:	2016-07-05 07:59 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-05 07:59:54 UTC
oVirt Team:	Infra
Dependent Products:
Flags:	rule-engine: ovirt-4.0.0+ rule-engine: blocker+ pnovotny: testing_plan_complete? rule-engine: planning_ack+ rule-engine: devel_ack+ pnovotny: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1340446	unspecified	CLOSED	'Terminate Session' does not work	2021-02-22 00:41:40 UTC
oVirt gerrit	58398	master	MERGED	aaa : Automatic logout does not terminate user session	2016-06-01 06:33:31 UTC
oVirt gerrit	58479	ovirt-engine-4.0	MERGED	aaa : Automatic logout does not terminate user session	2016-06-02 08:09:21 UTC

Internal Links: 1340446

Description Pavel Novotny 2016-05-27 13:33:32 UTC

Description of problem:
Automatic logout does not terminate user session. Instead it creates a new one, which causes the GUI (Webadmin/User Portal) just to reload back to the portal.


Version-Release number of selected component (if applicable):
ovirt-engine-4.0.0-0.0.master.20160523171412.git1a7a1f3.el7.centos.noarch

How reproducible:
100%

Steps to Reproduce:
1. engine-config -s UserSessionTimeOutInterval=2 && systemctl restart ovirt-engine
2. Log into Webadmin (as admin@internal) and in System tree switch to Active User Sessions. 
3. Note down the Sesion DB Id and then wait ~~2 minutes without doing any action in GUI.

Actual results:
GUI just automatically reloads back to Webadmin. Current user session has new ID.

Expected results:
User session is terminated and user is redirected to login page.

Additional info:
There is another login time limit variable for @internal domain - MAX_LOGIN_MINUTES.
I left it on default and I am not sure how these two settings (UserSessionTimeOutInterval and MAX_LOGIN_MINUTES) should work together.

# ovirt-aaa-jdbc-tool settings show --name MAX_LOGIN_MINUTES
-- setting --
name: MAX_LOGIN_MINUTES
value: 10080
type: class java.lang.Integer
description: session global maximum in minutes. -1 = no limit \n actual value subject to user validity and user allowed hours


engine.log excerpt:
>>>>>>>>>>vvvvv  login to Webadmin, then idle waiting
2016-05-26 17:34:02,579 INFO  [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-30) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2016-05-26 17:34:02,735 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-31) [4f52802f] Running command: CreateUserSessionCommand internal: false.
2016-05-26 17:34:03,857 INFO  [org.ovirt.engine.docs.utils.servlet.ContextSensitiveHelpMappingServlet] (default task-10) [] Context-sensitive help is not installed. Manual directory doesn't exist: /usr/share/ovirt-engine/manual
>>>>>>>>>>vvvvv  here auto logout is (should have been) triggered
2016-05-26 17:36:52,120 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-28) [6128fe6f] Running command: CreateUserSessionCommand internal: false.
2016-05-26 17:36:53,270 INFO  [org.ovirt.engine.docs.utils.servlet.ContextSensitiveHelpMappingServlet] (default task-19) [] Context-sensitive help is not installed. Manual directory doesn't exist: /usr/share/ovirt-engine/manual
>>>>>>>>>>  back on Webadmin page

Comment 1 Yaniv Kaul 2016-05-29 06:08:34 UTC

Regression from 3.6?

Comment 2 Pavel Novotny 2016-05-30 10:53:27 UTC

(In reply to Yaniv Kaul from comment #1)
> Regression from 3.6?

Yes, auto logout works correctly in 3.6.

Comment 3 Red Hat Bugzilla Rules Engine 2016-05-30 10:53:33 UTC

This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 4 Ravi Nori 2016-05-31 18:28:47 UTC

*** Bug 1340446 has been marked as a duplicate of this bug. ***

Comment 5 Martin Perina 2016-06-01 14:50:37 UTC

Moving back to POST, we need to backport patch to ovirt-engine-4.0 branch.

Comment 6 Nikolai Sednev 2016-06-19 15:06:01 UTC

Steel can be reproduced on our environment with these components:
ovirt-engine-setup-plugin-websocket-proxy-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-userportal-4.0.0.4-0.1.el7ev.noarch
ovirt-image-uploader-4.0.0-1.el7ev.noarch
ovirt-vmconsole-proxy-1.0.3-1.el7ev.noarch
ovirt-engine-setup-base-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-websocket-proxy-4.0.0.4-0.1.el7ev.noarch
rhevm-4.0.0.4-0.1.el7ev.noarch
rhevm-dependencies-4.0.0-1.el7ev.noarch
ovirt-iso-uploader-4.0.0-1.el7ev.noarch
ovirt-setup-lib-1.0.2-1.el7ev.noarch
ovirt-engine-cli-3.6.2.0-1.el7ev.noarch
ovirt-host-deploy-java-1.5.0-1.el7ev.noarch
ovirt-engine-dwh-4.0.0-2.el7ev.noarch
ovirt-vmconsole-1.0.3-1.el7ev.noarch
ovirt-engine-lib-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-setup-plugin-ovirt-engine-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-extensions-api-impl-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-webadmin-portal-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-restapi-4.0.0.4-0.1.el7ev.noarch
ovirt-host-deploy-1.5.0-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.5.0-1.el7ev.noarch
ovirt-engine-extension-aaa-jdbc-1.1.0-1.el7ev.noarch
ovirt-engine-dwh-setup-4.0.0-2.el7ev.noarch
rhev-release-4.0.0-14-001.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-dashboard-1.0.0-20160531git79dac90.el7ev.x86_64
ovirt-engine-backend-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-4.0.0.4-0.1.el7ev.noarch
rhevm-branding-rhev-4.0.0-0.0.master.20160531161414.el7ev.noarch
ovirt-log-collector-4.0.0-1.el7ev.noarch
rhev-guest-tools-iso-4.0-2.el7ev.noarch
rhevm-setup-plugins-4.0.0-1.el7ev.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-tools-backup-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-dbscripts-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-setup-4.0.0.4-0.1.el7ev.noarch
ovirt-engine-tools-4.0.0.4-0.1.el7ev.noarch
rhevm-doc-4.0.0-2.el7ev.noarch
Linux version 3.10.0-327.22.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Mon May 16 13:31:48 EDT 2016
Linux 3.10.0-327.22.1.el7.x86_64 #1 SMP Mon May 16 13:31:48 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.2 (Maipo)

Comment 7 Pavel Novotny 2016-06-20 11:26:54 UTC

Verified in rhevm-4.0.0.5-0.1.el7ev.noarch, ovirt-engine-4.0.0.5-0.1.el7ev.noarch (build 4.0.0-17).

Verified according to reproducer in comment 0.
After user session timeout, the session is terminated and user is logged out and redirected back to the login page.

Comment 8 Sandro Bonazzola 2016-07-05 07:59:54 UTC

oVirt 4.0.0 has been released, closing current release.

Note You need to log in before you can comment on or make changes to this bug.