davideuler / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Security violation, Session idle time, Only when using HTTPS:// #531

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Opening the PWM login page using HTTPS://

What is the expected output? What do you see instead?
The PWM login page is expected. I receive "PWM 5063
A security violation has occurred. Please try again later. { 5063 
ERROR_SECURITY_VIOLATION (session idle time (42m) is longer than maximum idle 
time age) }" Instead

What version of PWM are you using?
PWM v1.7.0 b1228 

What ldap directory and version are you using?
MS AD 2k8R2

Please paste any error log messages below:
2014-01-30 10:55:15, INFO , localdb.Berkeley_LocalDB, closed (22ms)
2014-01-30 10:55:15, INFO , pwm.PwmApplication, PWM v1.7.0 b1228 (Release) 
closed for bidness, cya!
2014-01-30 10:55:15, INFO , pwm.ContextManager, application restart; shutdown 
completed, now starting new application instance
2014-01-30 10:55:16, WARN , config.ConfigurationReader, configuration settings 
have been modified since the file was saved by pwm
2014-01-30 10:55:16, INFO , localdb.LocalDBFactory, LocalDB open in 184ms, db 
size: 64.41 MB at C:\Program Files\Apache Software Foundation\Tomcat 
7.0\webapps\pwm\WEB-INF\LocalDB, 15.62 GB free
2014-01-30 10:55:16, INFO , util.LocalDBLogger, open in 3ms, events=1513, 
tailAge=15d:1h:42m, maxEvents=1000000, maxAge=28d, localDBSize=64.41 MB
2014-01-30 10:55:16, INFO , pwm.PwmApplication, initializing pwm
2014-01-30 10:55:16, INFO , pwm.PwmApplication, loaded configuration: 
  pwm.selfURL=https://identity.XXX.edu
  pwm.publishStats.siteDescription=Password Management
  interface.theme=tulips
  display.custom.logoImage=http://i.imgur.com/dlOFqPu.gif
  ldap.serverUrls=["ldaps://dc.XXX.edu:636"]
  ldap.serverCerts=[{"expireDate":"Fri Oct 23 13:38:29 PDT 2015","issueDate":"Wed Oct 23 13:28:29 PDT 2013","issuer":"CN\u003dXXuniversity-CERT-CA, DC\u003dXXuniversity, DC\u003dedu","serial":"458677676651438864859141","subject":""}]
  ldap.proxy.username=cn=PWM,ou=service,ou=accounts,dc=XXuniversity,dc=edu
  ldap.proxy.password=**removed**
  ldap.rootContexts=["ou\u003daccounts,dc\u003dXXuniversity,dc\u003dedu","ou\u003dservice,ou\u003daccounts,dc\u003dXXuniversity,dc\u003dedu"]
  ldap.testuser.username=cn=PWM TEST,ou=service,ou=accounts,dc=XXuniversity,dc=edu
  pwmAdmin.queryMatch=(memberOf=cn=PWMADMIN,ou=its,ou=corporate,ou=Users,ou=accounts,dc=XXuniversity,dc=edu)
  email.smtp.address=smtp.XXuniversity.edu
  email.smtp.username=PasswordManager
  email.smtp.userpassword=**removed**
  pwm.securityKey=**removed**
  network.allowMultiIPSession=true
  display.showDetailedErrors=true
  db.classname=com.microsoft.sqlserver.jdbc.SQLServerDriver
  db.url=jdbc:sqlserver://192.168.2.15:1433;DatabaseName=PWM_DB
  db.username=PWM_admin
  db.password=**removed**
2014-01-30 10:55:16, INFO , pwm.PwmApplication, loaded pwm global password 
policy: PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, 
MaximumUpperCase=0, MaximumNumeric=0, MaximumOldChars=0, EnableWordlist=true, 
MinimumLifetime=0, RegExMatch=, MinimumUnique=0, MinimumNonAlpha=0, 
DisallowedAttributes=[cn, givenName, sn], DisallowCurrent=true, 
MinimumStrength=0, AllowNumeric=true, ChangeMessage=, MinimumAlpha=0, 
MaximumLowerCase=0, AllowSpecial=true, ADComplexity=true, MaximumLength=64, 
MaximumRepeat=0, AllowFirstCharNumeric=true, MinimumLength=2, 
MaximumSequentialRepeat=0, AllowLastCharSpecial=true, MinimumNumeric=0, 
MaximumAlpha=0, RegExNoMatch=, MaximumNonAlpha=0, MaximumSpecial=0, 
MinimumUpperCase=0, AllowFirstCharSpecial=true, DisallowedValues=[password, 
test], AllowLastCharNumeric=true}
2014-01-30 10:55:16, INFO , pwm.PwmApplication, using '3EE68DE67B654341' for 
instance's ID (instanceID)
2014-01-30 10:55:16, INFO , pwm.PwmApplication, environment info: 
java.vm.vendor=Oracle Corporation, java.vm.version=24.51-b03, java.vm.name=Java 
HotSpot(TM) 64-Bit Server VM, java.home=C:\Program Files\Java\jre7, 
memmax=1908932608, threads=23, ldapChai API version: 0.6.5, b811
2014-01-30 10:55:16, INFO , pwm.PwmApplication, debug info:, memfree=441693800, 
memallocd=750256128, memmax=1908932608, threads=23
2014-01-30 10:55:16, INFO , wordlist.SharedHistoryManager, open with 0 words 
(1ms), maxAgeMs=28d, oldestEntry=15d:1h:42m
2014-01-30 10:55:16, INFO , pwm.PwmApplication, PWM v1.7.0 b1228 (Release) open 
for bidness! (244ms)
2014-01-30 10:55:16, WARN , pwm.PwmApplication, pwm configuration has been 
modified since last startup
2014-01-30 10:55:16, INFO , pwm.ContextManager, application restart completed
2014-01-30 10:55:26, ERROR, queue.EmailQueueManager, error during email send 
attempt: javax.mail.AuthenticationFailedException: 535 5.7.8 Error: 
authentication failed: authentication failure

2014-01-30 10:55:26, ERROR, queue.EmailQueueManager, error sending email (535 
5.7.8 Error: authentication failed: authentication failure
) from: Alert Notification <noreply@identity.XXuniversity.edu>, to: 
admin@example.com, subject: PWM Alert - Configuration Modification, permanent 
failure, discarding message
2014-01-30 10:55:28, ERROR, queue.EmailQueueManager, error during email send 
attempt: javax.mail.AuthenticationFailedException: 535 5.7.8 Error: 
authentication failed: authentication failure

2014-01-30 10:55:28, ERROR, queue.EmailQueueManager, error sending email (535 
5.7.8 Error: authentication failed: authentication failure
) from: Alert Notification <noreply@identity.XXuniversity.edu>, to: 
admin@example.com, subject: PWM Alert - Startup, permanent failure, discarding 
message
2014-01-30 10:56:22, ERROR, pwm.SessionFilter, 5063 ERROR_SECURITY_VIOLATION 
(session idle time (42m) is longer than maximum idle time age)

Original issue reported on code.google.com by nickmbec...@gmail.com on 30 Jan 2014 at 7:05

GoogleCodeExporter commented 9 years ago
The error in the logs is related to sending mail, not to using https. Please 
explain.

Original comment by menno.pi...@gmail.com on 30 Jan 2014 at 7:46

GoogleCodeExporter commented 9 years ago
I was going to say ignore the mail related errors, the only real line related 
to this is 2014-01-30 10:56:22, ERROR, pwm.SessionFilter, 5063 
ERROR_SECURITY_VIOLATION (session idle time (42m) is longer than maximum idle 
time age)

Original comment by nickmbec...@gmail.com on 30 Jan 2014 at 8:01

GoogleCodeExporter commented 9 years ago
Try clearing your cookies for the PWM site, clear cache and reload. Let me know 
if that helps.

Original comment by menno.pi...@gmail.com on 30 Jan 2014 at 8:14

GoogleCodeExporter commented 9 years ago
I feel like a dunce, Flushdns on the client and the IIS box and it's now 
working fine...

Thanks for the fast response.

Original comment by nickmbec...@gmail.com on 30 Jan 2014 at 8:18

GoogleCodeExporter commented 9 years ago

Original comment by menno.pi...@gmail.com on 30 Jan 2014 at 8:24