Hi all,

I started working on this new project for *limiting the concurrent active session count for users in WSO2 Identity Server*. This project aims to add a configuration so that a *tenant admin*, *user store admin* or *identity admin* can enforce the maximum number of sessions for each user belonging to a particular *tenant*, *user store* or *user role*. If a user tries to exceed the maximum session limit, the user will be notified of the active session count and will be asked to log out from an existing active session manually in order to create a new session.
I was able to come up with user stories[1] for this feature, and an initial user story review for this was held on 21st March with Dimuthu, Pulasthim, Menaka, and myself. The Conditional Authentication capabilities of Identity Server will be used for implementing this feature. I hope to create a function to identify the number of active sessions for a particular user.

The following problems were selected to discuss further:

- A mechanism for identifying the maximum session count is needed when more than one session limiting policy is applied. As an example, let user Bob belong to tenant T and user store S. If the maximum session count for users in T is M and the maximum session count for users in S is N, we need a mechanism to identify the maximum allowed session count (need to decide whether to use M or N). For that, the following things were suggested:
  - Defining a precedence list.
  - Taking the minimum limit of all policies as the maximum allowed session count (minimum of M and N).
- What is the best way to handle a new session request when the maximum allowed session limit is 1?
  - If there is a session, close that session and create a new session.
  - Notify the user about the existing session and ask to end that manually if he wants to create a new session.

Any comments or suggestions are highly appreciated.

[1] https://docs.google.com/document/d/1MwTSI79G7TvgMwIhWpW3tAZ8JRR9VTzqwfvjlOOAke0/edit?usp=sharing

Regards,
Dimuth Menikgama.

--
*Dimuth Menikgama*
*Software Engineer*
*WSO2*
*Mobile : + 94 702337977*
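The two suggestions from the message above (a precedence list versus the minimum of all applicable limits) can be compared side by side. This is an added example, not part of the original email and not WSO2 Identity Server code: every function name, the policy layout, and the sample values (M = 5 for tenant T, N = 3 for user store S) are assumptions made for illustration.

```javascript
// Added illustration; all names are hypothetical, not WSO2 Identity Server APIs.
// Constructed sample policies: scope type -> scope name -> max sessions.
const POLICIES = {
  tenant: { T: 5 },      // M in the email's example
  userStore: { S: 3 },   // N in the email's example
  role: { auditor: 1 },
};

// Collect every limit that applies to the user, one entry per matching policy.
function applicableLimits(user, policies) {
  const scopes = [
    ["tenant", [user.tenant]],
    ["userStore", [user.userStore]],
    ["role", user.roles || []],
  ];
  const found = [];
  for (const [type, names] of scopes) {
    for (const name of names) {
      const limit = (policies[type] || {})[name];
      if (Number.isInteger(limit) && limit > 0) found.push({ type, name, limit });
    }
  }
  return found;
}

// "minimum": strictest of all applicable limits.
// "precedence": first scope type in the list that has a policy wins.
// Returns null when no policy applies, meaning no limit is enforced.
function effectiveLimit(user, policies, strategy, precedence = []) {
  const limits = applicableLimits(user, policies);
  if (limits.length === 0) return null;
  const strictest = (ls) => Math.min(...ls.map((l) => l.limit));
  if (strategy === "minimum") return strictest(limits);
  if (strategy !== "precedence") throw new Error("unknown strategy: " + strategy);
  for (const type of precedence) {
    const hits = limits.filter((l) => l.type === type);
    // Assumption: several roles may match, so take the strictest within one type.
    if (hits.length > 0) return strictest(hits);
  }
  // Assumption: if no listed type matches, fall back to the strictest limit.
  return strictest(limits);
}

// Decide a new login: deny and report the active count once the limit is reached.
function decideLogin(user, activeSessions, policies, strategy, precedence) {
  const limit = effectiveLimit(user, policies, strategy, precedence);
  if (limit === null || activeSessions < limit) return { allow: true, limit };
  return { allow: false, limit, activeSessions };
}
```

With three active sessions, Bob is denied under the minimum strategy but allowed under a precedence list that ranks the tenant policy first, which is the practical difference between the two suggestions.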