Can't sign out properly #2766
Is that just checking the JWT is valid or is it going into the user's entry to find it? because that'd indicate that the log IN session had synchronized at least - thinking about the "async write race" possibility..
I'd need to double check the logs to be sure, but I know I've hit this case in other situations anyway.
We also experienced this issue before switching to the So it might be some sort of permissions issue? And based on our observation, the issue seems to be fixed in the devel version.
Were you logging in/out really fast? Or was there a time gap between the login and logout?
I'm having this issue too.
Version kanidmd: 1.2.0
There were ~10 seconds in between login and logout when I tried, but I also had the error when trying to logout with a session that was a couple days old.
There's... also something going on in the CLI, noted in #2741
That's a bit cumbersome. I have to clear Local storage (bearer_token) manually to log out.
I have investigated and submitted a PR. I'm really sorry that this happened, we'll have this backported to 1.2 for everyone.
Discussed in #2760
Originally posted by MrSpock May 11, 2024
Hi,
I'm evaluating kanidm and I'm stuck with such basic stuff like logout.
When I log in to the system and click Sign Out I'm getting the following log error and web message:
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO request [ 4.50ms | 9.87% / 100.00% ] method: GET | uri: /v1/logout | version: HTTP/1.1
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO ┝━ handle_logout [ 4.06ms | 22.44% / 90.13% ]
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO │ ┝━ validate_client_auth_info_to_ident [ 3.05ms | 67.69% ]
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO │ │ ┕━ i [info]: A valid limited session value exists for this token | event_tag_id: 10
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO │ ┝━ i [info]: modify initiator | event_tag_id: 10 | name: User( spock@*, fc4a6f61-a843-4dbf-bf27-cfc91b0ec0f6 ) (d8ebf915-0b57-4439-b3d9-ea757cf7585e, read write)
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO │ ┝━ i [info]: search | event_tag_id: 10 | initiator: User( spock@idm*, fc4a6f61-a843-4dbf-bf27-cfc91b0ec0f6 ) (d8ebf915-0b57-4439-b3d9-ea757cf7585e, read write)
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 INFO │ ┝━ i [info]: denied ❌ - no entries were released | event_tag_id: 11
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 ERROR │ ┝━ 🚨 [error]: modify: no candidates match filter, failure Filter(Valid) (not ( (class eq Iutf8("tombstone") or class eq Iutf8("recycled")) ) and (uuid eq Uuid(fc4a6f61-a843-4dbf-bf27-cfc91b0ec0f6) and user_auth_token_session eq Refer(d8ebf915-0b57-4439-b3d9-ea757cf7585e)))
kanidmd | | event_tag_id: 4
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 ERROR │ ┕━ 🚨 [error]: Failed to destroy user auth token NoMatchingEntries | event_tag_id: 1
kanidmd | 76071ae1-1f1b-40b6-a9f8-d1d2778420b0 WARN ┕━ 🚧 [warn]: | latency: 4.545756ms | status_code: 404 | kopid: "76071ae1-1f1b-40b6-a9f8-d1d2778420b0" | msg: "client error"
What am I doing wrong? :)
I wonder if in this case since the auth token is within the grace window, and since it's being used to logout, we should just write a session stub with the revoked state which will cause the async write back to be dropped? It would resolve this error.
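
A minimal model of the revoked-stub proposal in the comment above, as an added example that is not kanidm's code and not part of the thread. `SessionStore` and its methods are hypothetical names, and the model assumes the async-write-race explanation raised in the thread, which the page does not confirm as the root cause.

```rust
use std::collections::HashMap;

// Hypothetical model, not kanidm's types: a session is either usable or revoked.
#[derive(Debug, Clone, Copy, PartialEq)]
enum SessionState { Active, Revoked }

#[derive(Debug, PartialEq)]
enum LogoutError { NoMatchingEntries }

// Constructed in-memory stand-in for the sessions stored on a user's entry.
#[derive(Default)]
struct SessionStore { sessions: HashMap<u32, SessionState> }

impl SessionStore {
    // Delayed write-back of a session created at login. It must never
    // resurrect a session that was revoked while the write was queued.
    fn apply_async_login_write(&mut self, id: u32) -> bool {
        match self.sessions.get(&id) {
            Some(SessionState::Revoked) => false, // dropped: a revoked stub exists
            _ => { self.sessions.insert(id, SessionState::Active); true }
        }
    }

    // Behaviour seen in the log: logout only modifies a session that is already stored.
    fn logout_strict(&mut self, id: u32) -> Result<(), LogoutError> {
        match self.sessions.get_mut(&id) {
            Some(s) => { *s = SessionState::Revoked; Ok(()) }
            None => Err(LogoutError::NoMatchingEntries),
        }
    }

    // Proposed behaviour: the token already validated inside the grace window,
    // so record a revoked stub even when the session is not stored yet.
    fn logout_with_stub(&mut self, id: u32) {
        self.sessions.insert(id, SessionState::Revoked);
    }

    fn is_usable(&self, id: u32) -> bool {
        self.sessions.get(&id) == Some(&SessionState::Active)
    }
}

fn main() {
    let mut store = SessionStore::default();
    println!("strict logout before write-back: {:?}", store.logout_strict(7));
    store.logout_with_stub(7);
    println!("late write applied: {}", store.apply_async_login_write(7));
    println!("session usable: {}", store.is_usable(7));
}
```

In the strict path the failed logout leaves nothing behind, so a late write-back would still create a usable session; the stub closes that gap by making the revocation win regardless of ordering.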