Hi Petr I get exactly the same behaviour ever so often. We are running IPA server 4.2.0 15.0.1.el7_2.3, (though we got the same problem with earlier releases too).
In my case the laptop running Firefox / FreeIPA WebUI, and the OEL Server running the IPA server have time within seconds / milliseconds of one another. The server uses NTPD (and has full missile lock on the NTP pool servers), and the laptop uses whatever OSX uses to keep time accurate. As I only need to use the FreeIPA WebUI rarely (every few months or so) the exact behaviour is difficult to pin down. It seems to work like this: a) I will sometimes have access without the "your session has expired" error. Typically this is when I have not used FreeIPA for a long time (months). b) then some days later, when I revisit the WebUI, the "your session has expired" error will crop up. c) as I have access to several workstations, each with several browsers installed (IE, FF, Chrome, Safari etc.), I may get luck and find one that does not give the error (while the others do). Just like the OP, the workstations are not FreeIPA hosts (or servers), and we use login /pw for the WebUI. Chris From: Petr Vobornik <pvobo...@redhat.com> To: wodel youchi <wodel.you...@gmail.com>, Alexander Bokovoy <aboko...@redhat.com> Cc: freeipa-users@redhat.com Date: 02.02.2016 08:48 Subject: Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired Sent by: freeipa-users-boun...@redhat.com On 01/31/2016 09:49 AM, wodel youchi wrote: > Hi, > > I miss explained myself apparently, here it is: > > I open a session with login/password, I do some work, I left it for a > while, the session disconnects which is normal. > I come back, I try to authenticate with login/password it keeps telling me > : your session has expired. > > Regards. Is there a time difference between a machine with browser and an IPA server? > > 2016-01-30 17:54 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > >> >> >> ----- Original Message ----- >>> Hi, >>> >>> When accessing the webui of Freeipa from the browser using login >> password, I >>> get your session has expired. >>> >>> >>> As a workaround I have to either : >>> - Delete the https certificate of the ipa server from the browser and >> delete >>> history then relogin again. >>> - Restart ipa services : ipactl restart >> - delete cookies in the browser corresponding to IPA server. >> >>> PS: The machine I am using to connect to the webui of freeipa is not >> enrolled >>> in it, I am using login/pass to connect not kerberos. >> Web UI session is set to 30 minutes or so. >> >> -- >> / Alexander Bokovoy >> > > > -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project