invalidate existing API sessions when identity is disabled #1355

qrkourier · 2022-12-06T16:07:29Z

The identity property disabled prevents authentication, but existing sessions can still be renewed indefinitely. Change the edge controller to invalidate existing API sessions for the newly-disabled identity.

The text was updated successfully, but these errors were encountered:

qrkourier · 2023-03-05T18:12:05Z

This seems to have changed because calling POST /edge/management/v1/identities/{id}/disabled with {"durationMinutes": 1} does cause the affected identity to lose access to services immediately. I tested with ziti-edge-tunnel authorized with a Dial SP. However, after durationMinutes has transpired and the identity again has disabled: false, the client does not continue polling for services unless the identity is toggled off and on again or the client tunneler restarted.

Handle duplicate tunnel terminator creation gracefully. Fixes #1355

qrkourier transferred this issue from openziti/edge Sep 28, 2023

plorenz added a commit that referenced this issue Sep 30, 2023

Handle duplicate tunnel terminator creation gracefully. Fixes #1355

431df85

plorenz added a commit that referenced this issue Sep 30, 2023

Merge pull request #1356 from openziti/create-terminator-dups

ee63137

Handle duplicate tunnel terminator creation gracefully. Fixes #1355

ekoby assigned andrewpmartinez Jul 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

invalidate existing API sessions when identity is disabled #1355

invalidate existing API sessions when identity is disabled #1355

qrkourier commented Dec 6, 2022

qrkourier commented Mar 5, 2023 •

edited

Loading

invalidate existing API sessions when identity is disabled #1355

invalidate existing API sessions when identity is disabled #1355

Comments

qrkourier commented Dec 6, 2022

qrkourier commented Mar 5, 2023 • edited Loading

qrkourier commented Mar 5, 2023 •

edited

Loading