Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2969

For user-limit to fetch token calculation includes enabled and disabled SSO token count as well, causing failure in generating the JWT token from token gen page

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.0
    • 2.1.0
    • TokenGenerationUI
    • None

    Description

      PROBLEM STATEMENT:{color}
      For token limit on a user calculation includes enabled and disabled SSO token as well, causing failure in generating the JWT token from token gen page

      BUILDS:
      2.1.0
       
      STEPS TO REPRODUCE:
       # Deploy ycloud cluster with above gbn.
       # Configure below from CM UI
       # knox.global.logout.page.url=https://**********,  knoxsso_cookie_management_enabled - enable gateway.knox.token.management.users.can.see.all.tokens = hrt_qa, hrt_1 
       # Access knox home page using hrt_22 user 
       # Disable the hrt_22 SSO token from hrt_qa token management page
       # Repeat operation 4-5 for 15 times 
       # Now login to token generation page using hrt_22 user
       # Generate the jwt token

      CURRENT BEHAVIOUR:
      Token generation fails saying user limit exceeded , though not even one non-sso token is generated by hrt_22 user

      EXPECTED BEHAVIOUR:
      SSO token should not be considered for per user limit to generate the token calculation . 
      Even though we have 15+ SSO tokens (in enabled/disabled state) , user should be able to generate 10 tokens as "gateway.knox.token.limit.per.user" default value is 10

      OCCURRENCE:
      Reproducible

      IMPACT:
      If multiple SSO token for user is available then user will not be able to generate jwt token from token generation page

      Attachments

        1. image-2023-10-18-12-46-28-490.png
          465 kB
          J.Andreina
        2. image-2023-10-18-12-45-47-121.png
          413 kB
          J.Andreina
        3. image-2023-10-18-12-45-37-741.png
          413 kB
          J.Andreina

        Issue Links

          is caused by

          New Feature - A new feature of the product, which has yet to be developed. KNOX-2961 KnoxSSO Token Invalidation

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #805

          Activity

            People

              smolnar Sandor Molnar
              andreina J.Andreina
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m