Hi all,

I started working on this new project for *limiting the concurrent active
session count for users in WSO2 Identity Server*. This project aims to add
a configuration so that a *tenant admin*, *user store admin* or *identity admin*
can enforce the maximum sessions for each user belonging to a particular *tenant*,
*user store* or *user role*. If a user tries to exceed the maximum session
limit, the user will be notified with the active session count and will be
asked to log out from an existing active session manually in order to create a
new session.

I was able to come up with user stories[1] for this feature and an initial
user story review for this was held on 21st March with Dimuthu, Pulasthim,
Menaka, and myself.

Conditional Authentication capabilities of Identity Server will be used for
implementing this feature. I hope to create a function to identify the
number of active sessions for a particular user.

The following problems were selected to discuss further:

   - A mechanism for identifying the maximum session count is needed when more
     than one session limiting policy is applied. As an example, let user Bob
     belong to tenant T and user store S. If the maximum session count for users in
     T is M and the maximum session count for users in S is N, we need a mechanism
     to identify the maximum allowed session count (need to decide whether to
     use M or N). For that, the following things were suggested:

      - Defining a precedence list.
      - Taking the minimum limit of all policies as the maximum allowed
        session count (minimum of M and N).

   - What is the best way to handle a new session request when the maximum allowed
     session limit is 1?

      - If there is a session, close that session and create a new session.
      - Notify the user about the existing session and ask to end that
        manually if he wants to create a new session.


Any comments or suggestions are highly appreciated.

[1]
https://docs.google.com/document/d/1MwTSI79G7TvgMwIhWpW3tAZ8JRR9VTzqwfvjlOOAke0/edit?usp=sharing

Regards,

Dimuth Menikgama.


-- 

*Dimuth Menikgama*

*Software Engineer*
*WSO2*


*Mobile: + 94 702337977*
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
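
The two open questions in the message above, worked through in plain JavaScript as an added example (not code from the original post or from WSO2 Identity Server). The function names, the policy object shape, the `notify`/`evictOldest` mode names and the sample values for Bob are all assumptions made for illustration.

```javascript
// Added illustration. All names are hypothetical; none are WSO2 Identity Server APIs.
const isLimit = (v) => Number.isInteger(v) && v > 0;

// Option 1: precedence list. The first scope in the list that has a policy wins.
function limitByPrecedence(policies, precedence) {
  for (const scope of precedence) {
    if (isLimit(policies[scope])) return policies[scope];
  }
  return Infinity; // no applicable policy: unlimited
}

// Option 2: the most restrictive policy wins (minimum of M and N).
function limitByMinimum(policies) {
  const limits = Object.values(policies).filter(isLimit);
  return limits.length ? Math.min(...limits) : Infinity;
}

// Decide on a new session request once the effective limit is known.
// onLimit "notify": reject and report the active count so the user can log out manually.
// onLimit "evictOldest": close the oldest session(s) so the new one fits.
function handleNewSession(activeSessions, limit, onLimit) {
  const activeCount = activeSessions.length;
  if (activeCount < limit) return { allow: true, terminate: [], activeCount };
  if (onLimit === "evictOldest") {
    const oldestFirst = [...activeSessions].sort((a, b) => a.createdAt - b.createdAt);
    const excess = activeCount - limit + 1; // free exactly one slot
    return { allow: true, terminate: oldestFirst.slice(0, excess).map((s) => s.id), activeCount };
  }
  return { allow: false, terminate: [], activeCount };
}

// Constructed sample: Bob is in tenant T (M = 3) and user store S (N = 1), no role policy.
const bobPolicies = { tenant: 3, userStore: 1, role: undefined };
const bobSessions = [{ id: "s-old", createdAt: 100 }];
```

With these sample values the precedence order decides whether Bob gets 3 sessions or 1, while the minimum rule always gives 1; under `evictOldest` a second login silently ends `s-old`, whereas `notify` leaves the existing session untouched.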
