Bug 1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z]
Summary: CC: Simplifying Web UI session timeout configuration [rhel-7.6.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.7
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Endi Sukma Dewata
QA Contact: Asha Akkiangady
Marc Muehlfeld
URL:
Whiteboard:
Depends On: 1658293
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-17 08:57 UTC by RAD team bot copy to z-stream
Modified: 2019-01-29 17:22 UTC (History)
6 users (show)

Fixed In Version: pki-core-10.5.9-10.el7_6
Doc Type: Bug Fix
Doc Text:
Previously, the pki-core package installed multiple web.xml files. To configure a HTTP session timeout, the session-timeout parameter had to be set in each of these files. To simplify the configuration, the session-timeout parameter has been removed from the files installed by the pki-core package and is now available only in the /etc/pki/<instance_name>/web.xml file. As a result, administrators need only to configure the HTTP session timeout in this one file.
Clone Of: 1658293
Environment:
Last Closed: 2019-01-29 17:21:57 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0168 None None None 2019-01-29 17:22:00 UTC

Description RAD team bot copy to z-stream 2018-12-17 08:57:13 UTC
This bug has been copied from bug #1658293 and has been proposed to be backported to 7.6 z-stream (EUS).

Comment 2 Matthew Harmsen 2018-12-17 22:49:02 UTC
DOGTAG_10_5_9_RHEL_BRANCH:

commit fe72b8b6947ee1f842fc1eed986fcbff757ae309
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Fri Dec 14 13:16:39 2018 -0500

    Added docs on session timeout (#125)
    
    https://pagure.io/dogtagpki/issue/3084
    (cherry picked from commit 359c05060953cd9124e616067ed545b3b32cb943)

commit 05ebd730708f4dd6b59c667535fef0808e0e0468
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Tue Dec 11 08:17:20 2018 +0100

    Simplifying Web UI session timeout configuration
    
    The web.xml files for PKI webapps have been modified to remove
    hard-coded <session-timeout> parameters. The webapps will now
    use the timeout defined in /etc/pki/<instance>/web.xml.
    
    Unused web.xml files have been removed as well.
    
    https://pagure.io/dogtagpki/issue/3084
    (cherry picked from commit 30a47907af087a9d2f7739e8d577d7cdd28de18b)


NOTE:  Commit fe72b8b6947ee1f842fc1eed986fcbff757ae309 is not included in any RPM,
       as it is not a part of the pki-core-10.5.9.tar.gz source tarball.
       It's contents is viewable in the upstream git repo:
       * https://github.com/dogtagpki/pki/blob/DOGTAG_10_5_BRANCH/docs/admin/Session_Timeout.md

Comment 3 Matthew Harmsen 2018-12-17 22:49:54 UTC
TEST PROCEDURE:

* see https://bugzilla.redhat.com/show_bug.cgi?id=1658293#c3

Comment 7 Pritam Singh 2019-01-09 11:32:51 UTC
RHEL Version:
[root@auto-hv-01-guest01 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.7 Beta (Maipo)

Pki Version:
[root@auto-hv-01-guest01 ~]# pki --version
PKI Command-Line Interface 10.5.9-10.el7_6

Version of Firefox verified on:
[root@auto-hv-01-guest01 ~]# firefox --version
Mozilla Firefox 60.4.0

Steps of Verification:
https://bugzilla.redhat.com/show_bug.cgi?id=1658293#c3

CA Audit log:

[root@auto-hv-01-guest01 ~]# tail -f /var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit

0.http-bio-8443-exec-5 - [09/Jan/2019:04:30:14 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success
0.http-bio-8443-exec-17 - [09/Jan/2019:04:30:14 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success
0.http-bio-8443-exec-17 - [09/Jan/2019:04:30:17 EST] [14] [6] [AuditEvent=AUTH][SubjectID=caadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
0.http-bio-8443-exec-22 - [09/Jan/2019:04:30:17 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success

0.http-bio-8443-exec-22 - [09/Jan/2019:04:31:18 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
0.http-bio-8443-exec-5 - [09/Jan/2019:04:31:18 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
0.http-bio-8443-exec-17 - [09/Jan/2019:04:31:18 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

0.http-bio-8443-exec-2 - [09/Jan/2019:04:31:27 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success
0.http-bio-8443-exec-10 - [09/Jan/2019:04:31:27 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success

0.http-bio-8443-exec-2 - [09/Jan/2019:04:32:27 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
0.http-bio-8443-exec-10 - [09/Jan/2019:04:32:27 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated


0.http-bio-8443-exec-8 - [09/Jan/2019:04:33:37 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success
0.http-bio-8443-exec-19 - [09/Jan/2019:04:33:37 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success] access session establish success
0.http-bio-8443-exec-19 - [09/Jan/2019:04:33:37 EST] [14] [6] [AuditEvent=AUTH][SubjectID=caadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success

0.http-bio-8443-exec-19 - [09/Jan/2019:04:34:39 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
0.http-bio-8443-exec-8 - [09/Jan/2019:04:34:39 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.19.34.100][ServerIP=10.19.34.100][SubjectID=CN=PKI Administrator,E=caadmin@idmqe.lab.eng.bos.redhat.com,OU=pki-tomcat,O=idmqe.lab.eng.bos.redhat.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated


Hence, Marking this bugzilla as verified.

Pastebin: http://pastebin.test.redhat.com/692736

Comment 9 errata-xmlrpc 2019-01-29 17:21:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0168


Note You need to log in before you can comment on or make changes to this bug.