Bug 1657193 - Timeout configuration is not working as defined in the product documentation.
Summary: Timeout configuration is not working as defined in the product documentation.
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pki-core
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: RHCS Maintainers
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-07 11:59 UTC by Amol K
Modified: 2020-02-11 00:53 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description Amol K 2018-12-07 11:59:59 UTC
Description of problem:
I tried to setup web UI session timeout as mentioned in the documenation[1]. But when I restart the system it throws the Subsystem unavailable exception.

[1] https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/configuring_session_timeouts

Version-Release number of selected component (if applicable):
10.5.9-7.el7_6

How reproducible:
Always

Steps to Reproduce:
1. In doc path is different but I tried with the following way:
  cp /var/lib/pki/topology-ecc-CA/conf/web.xml /var/lib/pki/topology-ecc-CA/ca/
2. Edit /var/lib/pki/topology-ecc-CA/ca/web.xml and set timeout parameter
3. Edit /etc/pki/topology-ecc-CA/Catalina/localhost/ca.xml and add the following text: 
<Context docBase="/var/lib/pki/topology-ecc-CA/webapps/ca" crossContext="true" allowLinking="true">
...
<Context>
4. chown -R pkiuser:pkiuser /var/lib/pki/topology-ecc-CA/webapps
5. Restart the server

Actual results:
cat /var/log/pki/topology-ecc-CA/localhost.2018-12-07.log

SEVERE: Exception Processing /ca/agent/ca
javax.ws.rs.ServiceUnavailableException: Subsystem unavailable
        at com.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:500)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)



Expected results:
Server should start and web GUI session timeout should end in specified time.

Additional info:

Comment 2 Christina Fu 2020-02-11 00:53:29 UTC
Please see 9.4.1.3. Session Timeout of https://www.niap-ccevs.org/MMO/Product/st_10831-agd2.pdf

The regular (non-CC) guide will contain this same section once we are done integrating the docs.


Note You need to log in before you can comment on or make changes to this bug.