Fix SAML timeout issues when keepalive is true

Signed-off-by: Derek Ho <[email protected]>
derek-ho · Feb 8, 2024 · 183b502 · 183b502
1 parent 4d7e5f3
commit 183b502
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/server/auth/types/authentication_type.ts b/server/auth/types/authentication_type.ts
@@ -143,6 +143,8 @@ export abstract class AuthenticationType implements IAuthenticationType {
         cookie = undefined;
       }
 
+      console.log(cookie)
+
       if (!cookie || !(await this.isValidCookie(cookie, request))) {
         // clear cookie
         this.sessionStorageFactory.asScoped(request).clear();
@@ -160,7 +162,7 @@ export abstract class AuthenticationType implements IAuthenticationType {
 
       // extend session expiration time
       if (this.config.session.keepalive) {
-        cookie!.expiryTime = Date.now() + this.config.session.ttl;
+        cookie!.expiryTime = Math.max(Date.now() + this.config.session.ttl, cookie.expiryTime || 0);
         this.sessionStorageFactory.asScoped(request).set(cookie!);
       }
       // cookie is valid

diff --git a/server/auth/types/saml/routes.ts b/server/auth/types/saml/routes.ts
@@ -84,6 +84,7 @@ export class SamlAuthRoutes {
               redirectHash: request.query.redirectHash === 'true',
             },
           };
+          console.log('saml login cookie' + JSON.stringify(cookie))
           this.sessionStorageFactory.asScoped(request).set(cookie);
           return response.redirected({
             headers: {
@@ -113,6 +114,7 @@ export class SamlAuthRoutes {
         let redirectHash: boolean = false;
         try {
           const cookie = await this.sessionStorageFactory.asScoped(request).get();
+          console.log('acs' + JSON.stringify(cookie))
           if (cookie) {
             requestId = cookie.saml?.requestId || '';
             nextUrl =
@@ -142,16 +144,20 @@ export class SamlAuthRoutes {
             credentials.authorization
           );
 
+          console.log('creds' + JSON.stringify(credentials), 'user' + JSON.stringify(user))
+
           let expiryTime = Date.now() + this.config.session.ttl;
           const [headerEncoded, payloadEncoded, signature] = credentials.authorization.split('.');
           if (!payloadEncoded) {
             context.security_plugin.logger.error('JWT token payload not found');
           }
           const tokenPayload = JSON.parse(Buffer.from(payloadEncoded, 'base64').toString());
+          console.log(tokenPayload)
 
           if (tokenPayload.exp) {
             expiryTime = parseInt(tokenPayload.exp, 10) * 1000;
           }
+          console.log(expiryTime)
 
           const cookie: SecuritySessionCookie = {
             username: user.username,