Description of problem:
OpenShift allows a user to log into the system an unlimited number of times. OpenShift should limit the number of logins that are allowed for a given user, both within the CLI and the web interface. Ideally OpenShift should limit the number of OAuth tokens that can be simultaneously issued to a given identity as well as the number of web sessions allowed from a given identity. It should allow the number of simultaneous tokens/web sessions to be limited by the user group (ideally a max of 3 for non-administrator users and 2 for administrative users) or identity. This is a requirement of NIST 800-53 AC-10.

Version-Release number of selected component (if applicable):
OCP 3.3

How reproducible:
Perfectly.

Steps to Reproduce:
1. Access the web interface of an OCP cluster configured via default settings, using multiple browsers/tabs.
2. Access is allowed in all sessions.

Actual results:
Access is allowed in all sessions.

Expected results:
The user should be denied access (perhaps redirected to an error page) if too many tokens/sessions are currently active; or access may be allowed and the oldest token/session should expire.

Additional info:
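The policy requested above (limits of 3 and 2, with either a denial or expiry of the oldest token), as an added example that is not OpenShift code and not part of the original report. It assumes token objects shaped like the output of `oc get oauthaccesstokens -o json` (`userName`, `expiresIn`, `metadata.creationTimestamp`); the sample tokens, the `root-admin` user and all helper names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LIMITS = {"admin": 2, "user": 3}  # limits proposed in the report

def _tok(name, user, created, expires_in=86400):
    return {"metadata": {"name": name, "creationTimestamp": created},
            "userName": user, "expiresIn": expires_in}

# Constructed sample in the shape of `oc get oauthaccesstokens -o json`.
SAMPLE = {"items": [
    _tok("t0", "alice", "2016-11-02T01:00:00Z", 3600),  # already expired at NOW
    _tok("t3", "alice", "2016-11-02T11:00:00Z"),
    _tok("t1", "alice", "2016-11-02T09:00:00Z"),
    _tok("t4", "alice", "2016-11-02T12:00:00Z"),
    _tok("t2", "alice", "2016-11-02T10:00:00Z"),
    _tok("a2", "root-admin", "2016-11-02T08:30:00Z"),
    _tok("a1", "root-admin", "2016-11-02T08:00:00Z"),
    _tok("a3", "root-admin", "2016-11-02T09:00:00Z"),
    _tok("b1", "bob", "2016-11-02T12:30:00Z"),
]}
NOW = datetime(2016, 11, 2, 13, 0, 0)  # constructed evaluation time (UTC)

def _created(tok):
    return datetime.strptime(tok["metadata"]["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ")

def active_by_user(token_list, now):
    """Group unexpired tokens by userName, oldest first."""
    groups = defaultdict(list)
    for tok in token_list["items"]:
        ttl = tok.get("expiresIn", 0)
        # Assumption: a missing or zero expiresIn means the token does not expire.
        if not ttl or _created(tok) + timedelta(seconds=ttl) > now:
            groups[tok["userName"]].append(tok)
    for toks in groups.values():
        toks.sort(key=_created)
    return groups

def limit_for(user, admins, limits=LIMITS):
    return limits["admin" if user in admins else "user"]

def tokens_to_expire(token_list, admins, now):
    """'Expire the oldest' variant: names of tokens beyond each user's limit."""
    out = {}
    for user, toks in active_by_user(token_list, now).items():
        extra = len(toks) - limit_for(user, admins)
        if extra > 0:
            out[user] = [t["metadata"]["name"] for t in toks[:extra]]
    return out

def login_allowed(token_list, user, admins, now):
    """'Deny' variant: refuse a new login once the user is at the limit."""
    return len(active_by_user(token_list, now).get(user, [])) < limit_for(user, admins)
```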
This is something we may not be able to do unless it is limited to just the web console. Is that the case?
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers. Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed.

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progresses within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.