[jira] [Work logged] (KNOX-3005) Implement Knox idle session time

Fri, 02 Feb 2024 05:25:37 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-3005?focusedWorklogId=903343&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-903343
 ]

ASF GitHub Bot logged work on KNOX-3005:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 02/Feb/24 13:24
            Start Date: 02/Feb/24 13:24
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #839:
URL: https://github.com/apache/knox/pull/839#discussion_r1476056974


##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java:
##########
@@ -197,7 +204,7 @@ private void sendRedirectToLoginURL(HttpServletRequest 
request, HttpServletRespo
 
   @Override
   protected void handleValidationError(HttpServletRequest request, 
HttpServletResponse response, int status, String error) throws IOException {
-    if (error != null && error.startsWith("Token") && 
error.endsWith("disabled")) {
+    if (error != null && error.startsWith("Token") && 
(error.endsWith("disabled") || error.endsWith("exceeded idle timeout"))) {

Review Comment:
   Fixed. I declared new constants and used them wherever it was needed.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 903343)
    Time Spent: 1.5h  (was: 1h 20m)

> Implement Knox idle session time
> --------------------------------
>
>                 Key: KNOX-3005
>                 URL: https://issues.apache.org/jira/browse/KNOX-3005
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: KnoxSSO
>    Affects Versions: 2.1.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.1.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> With the recent work of KNOX-2961, the new SSO token invalidation 
> functionality, Knox could provide idle session timeout behavior for UIs.
> It will likely not include the usual UI pop-up approach (like when the 
> end-user is informed about being idle too long), but it would effectively 
> terminate idle SSO sessions and force an explicit login.
> It's also worth mentioning the idleness measurement solely depends on backend 
> activities through the KnoxSSO Cookie federation filter. and will not take 
> any client-side action (such as scrolling on the page, client-side 
> pagination, etc..) into account.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to