Bug 1816991 - Setting accessTokenInactivityTimeoutSeconds does not logout user from web console
Summary: Setting accessTokenInactivityTimeoutSeconds does not logout user from web con...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.3.z
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.5.0
Assignee: Standa Laznicka
QA Contact: pmali
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-25 11:07 UTC by Arnab Ghosh
Modified: 2023-12-15 17:33 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-04 18:07:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift api pull 619 0 None closed Bug 1816991: Mark accessTokenInactivitiyTimeoutSecounds deprecated 2021-01-21 20:34:48 UTC
Github openshift cluster-config-operator pull 130 0 None closed Bug 1784151: set additionalPrinterColumns for SCC 2021-01-21 20:34:48 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-08-04 18:07:12 UTC

Comment 3 Venkata Siva Teja Areti 2020-03-30 17:25:22 UTC 
I hope this is not claimed anywhere as it is currently not supported.
Comment 4 Arnab Ghosh 2020-03-31 05:27:12 UTC 
(In reply to vareti from comment #3)
> I hope this is not claimed anywhere as it is currently not supported.

[arghosh@arghosh ~]$ oc get crd oauths.config.openshift.io -oyaml|grep -A 20 'tokenConfig'
            tokenConfig:
              description: tokenConfig contains options for authorization and access
                tokens
              properties:
                accessTokenInactivityTimeoutSeconds:
                  description: 'accessTokenInactivityTimeoutSeconds defines the default
                    token inactivity timeout for tokens granted by any client. The
                    value represents the maximum amount of time that can occur between
                    consecutive uses of the token. Tokens become invalid if they are
                    not used within this temporal window. The user will need to acquire
                    a new token to regain access once a token times out. Valid values
                    are integer values:   x < 0  Tokens time out is enabled but tokens
                    never timeout unless configured per client (e.g. `-1`)   x = 0  Tokens
                    time out is disabled (default)   x > 0  Tokens time out if there
                    is no activity for x seconds The current minimum allowed value
                    for X is 300 (5 minutes)'
                  format: int32
                  type: integer
                accessTokenMaxAgeSeconds:
                  description: accessTokenMaxAgeSeconds defines the maximum age of
                    access tokens
                  format: int32
Comment 5 Standa Laznicka 2020-04-06 07:23:57 UTC 
That's a wrong component, oauth-apiserver hasn't shipped yet, but I understand the confusion.

This feature hasn't worked in 4.x clusters, but there is an RFE - https://issues.redhat.com/browse/RFE-88.

I'll mark the field as deprecated as it should've always been, not sure if the description change makes it to earlier openshift versions though.
Comment 10 Xingxing Xia 2020-05-07 15:37:36 UTC 
If failed QA, move to Assigned instead. "Post" is incorrect, it means the fix PR exists, but just yet still not merged.
If wanting to verify, pls check the latest payload as of wanting to verify, instead of yesterday old payload, because every hours there is newer "latest" payload with newer updates.
Comment 15 errata-xmlrpc 2020-08-04 18:07:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5 image release advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409
Note You need to log in before you can comment on or make changes to this bug.