Handle webapp authentication error when session is no longer active
Closed, MigratedEdits Locked
Actions

Assigned To

Authored By

	anlambert
	Aug 23 2021, 2:01 PM

Description

When a user has authenticated through Keycloak in the webapp, its OpenID Connect profile is put in
cache in order to simplify authentication on each HTTP request and avoid sending too much requests
to the Keycloak server.

Nevertheless, when a user session has been terminated without using the logout link (for instance a user
can logout from all its authenticated sessions using the Keycloak account UI), the expired OIDC profile is
still in webapp cache which causes errors and prevent new user logins (related sentry issue).

We should catch error related to no longer active Keycloak user session in django authentication backend
and remove the expired OIDC profile from cache to allow user to properly login again.

Revisions and Commits

rDAUTH Common authentication libraries
	D6122	rDAUTH508b476db7c5 django/backends: Handle error when user session is no longer active

Event Timeline

anlambert triaged this task as Normal priority.Aug 23 2021, 2:01 PM

anlambert created this task.

anlambert added a revision: D6122: django/backends: Handle error when user session is no longer active.Aug 23 2021, 3:15 PM

anlambert added a commit: rDAUTH508b476db7c5: django/backends: Handle error when user session is no longer active.Aug 23 2021, 5:16 PM

Fix has been deployed to production, issue is now fixed, closing this.

This task has been migrated to GitLab.

Handle webapp authentication error when session is no longer activeClosed, MigratedEdits LockedActions

Description

Revisions and Commits

Event Timeline

Handle webapp authentication error when session is no longer active
Closed, MigratedEdits Locked
Actions