  1. Crowd Data Center
  2. CWD-1637

CrowdAuth doesn't expire cached app tokens if CrowdAuth timeout longer than Crowd timeout


Details

    Description

      There's a bug in the Crowd Apache connector to do with the relative timeouts on the validity of app tokens. If the cache expiry time in the Apache connector is longer than the expiry time of the app token in Crowd, then the connector will use an expired app token (which it thinks is still valid) to authenticate principals. The problem is that when this principal authentication fails (which it will, because the app token is no longer valid), the Apache connector doesn't dump the app token cache because it thinks that the authentication failed because the principal credentials were wrong.

      This bug is easy to work around: always set the Apache connector expiry to something less than the Crowd server expiry.

      (see CWDSUP-2050)
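
The failure mode described above, modelled as an added example; this is not the connector's code or part of the original report. `FakeCrowd`, `Connector`, the sample principal and the `fixed` retry behaviour are all constructed assumptions used to show why a cache expiry longer than the server-side token expiry rejects valid logins.

```python
class InvalidAppToken(Exception): pass
class BadCredentials(Exception): pass
class Clock: now = 0                        # fake time in seconds

class FakeCrowd:
    """Constructed stand-in for the Crowd server (not the real API)."""
    def __init__(self, clock, token_ttl):
        self.clock, self.token_ttl = clock, token_ttl
        self.expiry = {}                    # app token -> server-side expiry time
        self.users = {"alice": "s3cret"}    # constructed sample principal
    def authenticate_application(self):
        token = f"app-{len(self.expiry)}"
        self.expiry[token] = self.clock.now + self.token_ttl
        return token
    def authenticate_principal(self, app_token, user, password):
        if self.expiry.get(app_token, -1) <= self.clock.now:
            raise InvalidAppToken(app_token)
        if self.users.get(user) != password:
            raise BadCredentials(user)
        return True

class Connector:
    """Model of the connector's app-token cache; `fixed` selects the behaviour."""
    def __init__(self, crowd, clock, cache_ttl, fixed):
        self.crowd, self.clock, self.cache_ttl, self.fixed = crowd, clock, cache_ttl, fixed
        self.cached = None                  # (app token, local cache expiry)
    def _app_token(self):
        if self.cached is None or self.cached[1] <= self.clock.now:
            token = self.crowd.authenticate_application()
            self.cached = (token, self.clock.now + self.cache_ttl)
        return self.cached[0]
    def login(self, user, password):
        for _ in range(2):                  # at most one retry with a fresh token
            try:
                return self.crowd.authenticate_principal(self._app_token(), user, password)
            except BadCredentials:
                return False
            except InvalidAppToken:
                if not self.fixed:
                    return False            # bug: read as bad credentials, stale token kept
                self.cached = None          # assumed fix: drop the stale token, then retry
        return False

def run(cache_ttl, token_ttl, fixed):
    clock = Clock()
    conn = Connector(FakeCrowd(clock, token_ttl), clock, cache_ttl, fixed)
    first = conn.login("alice", "s3cret")
    clock.now = token_ttl + 1               # the server-side app token has now expired
    return [first, conn.login("alice", "s3cret")]
```

`run(600, 300, fixed=False)` reproduces the report: the second login fails although the credentials are correct. `run(200, 300, fixed=False)` is the workaround, with the cache expiring before the server-side token does.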


          People

            Unassigned
            Andrew Reid