1377422 – Engine should not invoke revoke all on session expiration

Bug 1377422 - Engine should not invoke revoke all on session expiration

Summary: Engine should not invoke revoke all on session expiration

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	AAA
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ovirt-4.0.5
Target Release:	4.0.5
Assignee:	Ravi Nori
QA Contact:	Gonza
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-19 15:57 UTC by Ravi Nori
Modified:	2017-01-18 07:37 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-01-18 07:37:57 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.0.z+ mgoldboi: planning_ack+ mperina: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	64067	0	master	MERGED	engine : Engine should not invoke revoke all on session expiration	2016-09-19 17:10:05 UTC
oVirt gerrit	64195	0	ovirt-engine-4.0	MERGED	engine : Engine should not invoke revoke all on session expiration	2016-09-20 15:51:22 UTC

Description Ravi Nori 2016-09-19 15:57:40 UTC

Description of problem: Session expiration raises an exception in the logs

ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-15) [] OAuthException invalid_scope: The requested scope '[ovirt-ext=revoke:revoke-all]' is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.


Version-Release number of selected component (if applicable): 4.0


How reproducible:


Steps to Reproduce:
1. Login to webadmin
2. Wait for session expiration

Actual results: invalid_scope exception in logs


Expected results: no exception in logs


Additional info:

On session expiration SessionDataContainer should not invoke revoke-all for the token. If there are no other sessions for the token SSO will cleanup the session on revoke.

Comment 1 Gonza 2016-10-13 07:15:01 UTC

Verified with:
rhevm-4.0.5-0.1.el7ev.noarch

only logs found:
2016-10-13 10:10:12,109 INFO  [org.ovirt.engine.core.sso.servlets.OAuthRevokeServlet] (default task-57) [] User admin@internal successfully logged out
2016-10-13 10:10:12,157 INFO  [org.ovirt.engine.core.bll.aaa.TerminateSessionsForTokenCommand] (default task-59) [13582321] Running command: TerminateSessionsForTokenCommand internal: true.

Note You need to log in before you can comment on or make changes to this bug.