From 183b502f4bb02f4cc87bd082323aa2b8bbac7d78 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Thu, 8 Feb 2024 17:42:49 -0500 Subject: [PATCH] Fix SAML timeout issues when keepalive is true Signed-off-by: Derek Ho --- server/auth/types/authentication_type.ts | 4 +++- server/auth/types/saml/routes.ts | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/server/auth/types/authentication_type.ts b/server/auth/types/authentication_type.ts index 3fef38175..eb15b3971 100755 --- a/server/auth/types/authentication_type.ts +++ b/server/auth/types/authentication_type.ts @@ -143,6 +143,8 @@ export abstract class AuthenticationType implements IAuthenticationType { cookie = undefined; } + console.log(cookie) + if (!cookie || !(await this.isValidCookie(cookie, request))) { // clear cookie this.sessionStorageFactory.asScoped(request).clear(); @@ -160,7 +162,7 @@ export abstract class AuthenticationType implements IAuthenticationType { // extend session expiration time if (this.config.session.keepalive) { - cookie!.expiryTime = Date.now() + this.config.session.ttl; + cookie!.expiryTime = Math.max(Date.now() + this.config.session.ttl, cookie.expiryTime || 0); this.sessionStorageFactory.asScoped(request).set(cookie!); } // cookie is valid diff --git a/server/auth/types/saml/routes.ts b/server/auth/types/saml/routes.ts index 87605d65e..64e2aa84f 100644 --- a/server/auth/types/saml/routes.ts +++ b/server/auth/types/saml/routes.ts @@ -84,6 +84,7 @@ export class SamlAuthRoutes { redirectHash: request.query.redirectHash === 'true', }, }; + console.log('saml login cookie' + JSON.stringify(cookie)) this.sessionStorageFactory.asScoped(request).set(cookie); return response.redirected({ headers: { @@ -113,6 +114,7 @@ export class SamlAuthRoutes { let redirectHash: boolean = false; try { const cookie = await this.sessionStorageFactory.asScoped(request).get(); + console.log('acs' + JSON.stringify(cookie)) if (cookie) { requestId = cookie.saml?.requestId || ''; nextUrl = 
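Review bot: The added `console.log(cookie)` in the first authentication_type.ts hunk writes the whole session cookie object to stdout before the `isValidCookie` check, and the same debug logging recurs in every server/auth/types/saml/routes.ts hunk (`'saml login cookie'`, `'acs'`, `'creds'`/`'user'`, `tokenPayload`, `expiryTime`). The `'creds'` line serialises `credentials.authorization`, which the code just below it splits as a JWT, so bearer tokens and session contents would end up in process logs, which are typically retained longer and read by more people than the session store. These statements look like leftover debugging and should be removed before merge. If a trace is still needed in routes.ts, log only non-secret fields through the existing logger, e.g. `context.security_plugin.logger.debug(`SAML session expiry: ${expiryTime}`)`. The enclosing methods start and end outside the hunks.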
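Review bot: In the keepalive hunk, `Math.max(Date.now() + this.config.session.ttl, cookie.expiryTime || 0)` stops a refresh from shortening the session, but the expiry still slides forward with no absolute cap, so a session whose expiry was taken from the SAML token's `exp` in saml/routes.ts can be carried past that time for as long as requests keep arriving. Whether `isValidCookie` enforces the token lifetime separately is not visible here, so state the intent next to the line, for example `// keepalive never shortens an IdP-derived expiry; absolute lifetime is enforced in <PLACEHOLDER: location>`. The right-hand operand also reads `cookie.expiryTime` without the `!` used on the left-hand side and on the following line; use one form consistently. The enclosing method extends beyond the hunk.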
@@ -142,16 +144,20 @@ export class SamlAuthRoutes { credentials.authorization ); + console.log('creds' + JSON.stringify(credentials), 'user' + JSON.stringify(user)) + let expiryTime = Date.now() + this.config.session.ttl; const [headerEncoded, payloadEncoded, signature] = credentials.authorization.split('.'); if (!payloadEncoded) { context.security_plugin.logger.error('JWT token payload not found'); } const tokenPayload = JSON.parse(Buffer.from(payloadEncoded, 'base64').toString()); + console.log(tokenPayload) if (tokenPayload.exp) { expiryTime = parseInt(tokenPayload.exp, 10) * 1000; } + console.log(expiryTime) const cookie: SecuritySessionCookie = { username: user.username,
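Review bot: The `if (!payloadEncoded)` branch only logs 'JWT token payload not found' and then falls through to `Buffer.from(payloadEncoded, 'base64')` and `JSON.parse`, which cannot succeed for a missing payload, so the handler relies on an exception rather than an explicit rejection. The branch should return the error response itself instead of continuing. The expiry is also assigned from `parseInt(tokenPayload.exp, 10) * 1000` without checking the result, so a non-numeric `exp` puts `NaN` into the session cookie; a guard such as `const exp = parseInt(tokenPayload.exp, 10); if (Number.isFinite(exp)) expiryTime = exp * 1000;` keeps the TTL default in that case. These are context lines the commit leaves unchanged, and the handler body, including the `try` it presumably sits in, starts and ends outside the hunk.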