Closed SafinWasi closed 1 year ago
When a PersonAuthenticationType script is run, AS stores data in the session. So flipping steps, as well as parameters, are bound to the session (unauthenticated).
On AS we have the configuration `"sessionIdUnauthenticatedUnusedLifetime": 120`. After 2 minutes of inactivity the session is considered invalid and can be cleaned up.
Immediate actions should be:
1. Set `sessionIdUnauthenticatedUnusedLifetime` to 1 hour by default: 3600 (or maybe even a higher number).
This step will help reduce end-user frustration from having to re-enter credentials.
However, a user can still pass step 1, go for lunch, come back in 2 hours, and find the session has been cleaned up.
This means this step alone does not solve the problem. To solve it we need to check session existence in the custom script:

```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import SessionIdService
from io.jans.jsf2.service import FacesService

def prepareForStep(self, configurationAttributes, requestParameters, step):
    sessionIdService = CdiUtil.bean(SessionIdService)
    facesService = CdiUtil.bean(FacesService)
    sessionId = sessionIdService.getSessionId()  # read from the cookie; None once the unauthenticated session was cleaned up
    if sessionId is None:
        # redirect directly to Authorization Endpoint or otherwise to RP to re-initiate authorization request
        facesService.redirectToExternalURL(redirect_to_authorization)  # redirect_to_authorization: URL the script must define elsewhere
        return False
    return True
```
Long term plan
@SafinWasi please add the check as described above to the GitHub custom script.
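To make the failure mode concrete, here is an added stand-alone Python model of the flow discussed in this thread (it is not Jans code and does not use the Jans API): an in-memory store of unauthenticated sessions with an idle lifetime, a cleaner job, and a step-2 hook with and without the session check. The session id, the pause durations and the store itself are constructed for the illustration.

```python
class SessionStore:
    """In-memory model of the AS-side store for unauthenticated sessions (constructed)."""
    def __init__(self, unused_lifetime):
        self.unused_lifetime = unused_lifetime  # sessionIdUnauthenticatedUnusedLifetime, seconds
        self.last_used = {}  # session id -> last activity time (seconds)

    def touch(self, sid, now):
        self.last_used[sid] = now

    def cleanup(self, now):
        """Drop sessions idle longer than the lifetime, as the cleaner job does."""
        for sid in [s for s, t in self.last_used.items() if now - t > self.unused_lifetime]:
            del self.last_used[sid]

    def get(self, sid):
        return self.last_used.get(sid)


def prepare_for_step(store, cookie_sid, step, check_session):
    """Model of the script hook. The browser still sends cookie_sid even after
    the server-side session has been cleaned up."""
    if step == 1:
        return "show-step-1"
    if check_session and store.get(cookie_sid) is None:
        # the fix from the thread: re-initiate the authorization request
        return "redirect-to-authorization"
    if store.get(cookie_sid) is None:
        # unchecked script dereferences a null session: the reported exception path
        raise RuntimeError("session is null")
    return "show-step-%d" % step


def simulate(unused_lifetime, pause_seconds, check_session):
    """User passes step 1 at t=0, pauses, and returns for step 2 after the cleaner ran."""
    store = SessionStore(unused_lifetime)
    store.touch("sid-1", 0)        # step 1 state is bound to the unauthenticated session
    store.cleanup(pause_seconds)   # cleaner job runs while the user is away
    try:
        return prepare_for_step(store, "sid-1", 2, check_session)
    except RuntimeError:
        return "exception"


if __name__ == "__main__":
    for lifetime, pause, checked in [(120, 7200, False), (3600, 7200, False), (3600, 7200, True)]:
        print(lifetime, pause, checked, "->", simulate(lifetime, pause, checked))
```

Raising the lifetime to 3600 still yields the exception after a 2-hour pause; only the session check turns it into a redirect.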
Closing this ticket as solved. 1 and 2 are done. For 3 and 4, opened a separate development ticket: https://github.com/JanssenProject/jans/issues/4449
**Describe the bug**
After the user has authenticated with the auth server, the session cookies may be cleaned from the db after a period of time. If the cookies are still present in the browser, the auth server fails to authenticate and throws an `ifUserIsNull` exception. The full stack trace is described below.

**To Reproduce**
Steps to reproduce the behavior:

**Expected behavior**
The auth server should handle reauthentication properly.

**Additional context**
The full exception is such: