Skip to content

[release/2.1] Honor sliding expiration in the security stamp validator #36480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Sep 13, 2021
Merged

[release/2.1] Honor sliding expiration in the security stamp validator #36480

merged 9 commits into from
Sep 13, 2021

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 13, 2021
edited by Tratcher
Loading

Backport of #36469 to release/2.1

/cc @Tratcher

Description

SecurityStampValidator may override SlidingExpiration and extend the auth session lifetime longer than desired.

Regression?

No

Testing

Unit and manual.

Risk

Low

@Tratcher Tratcher changed the title [release/2.1] [release/3.1] Honor sliding expiration in the security stamp validator [release/2.1] Honor sliding expiration in the security stamp validator Sep 13, 2021
@Tratcher Tratcher self-assigned this Sep 13, 2021
@Tratcher Tratcher added the Servicing-consider Shiproom approval is required for the issue label Sep 13, 2021
@ghost
Copy link

ghost commented Sep 13, 2021

"Hi github-actions[bot]. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge.

To learn more about how to prepare a servicing PR click here.

@Tratcher Tratcher added this to the 2.1.x milestone Sep 13, 2021
@Pilchie Pilchie added the area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer label Sep 13, 2021
@github-actions github-actions bot requested review from a team and Tratcher as code owners September 13, 2021 19:31
adityamandaleeka
adityamandaleeka approved these changes Sep 13, 2021
View reviewed changes
Copy link
Member

@adityamandaleeka adityamandaleeka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. @wtgodbe can you review to make sure the patch config is right and we didn't miss something?

wtgodbe
wtgodbe approved these changes Sep 13, 2021
View reviewed changes
Copy link
Member

@wtgodbe wtgodbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PatchConfig looks good

@wtgodbe wtgodbe enabled auto-merge (squash) September 13, 2021 22:10
@wtgodbe wtgodbe merged commit 0d07e7a into release/2.1 Sep 13, 2021
@wtgodbe wtgodbe deleted the backport/pr-36469-to-release/2.1 branch September 13, 2021 23:30
@dougbu dougbu modified the milestones: 2.1.x, 2.1.31 Sep 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

@blowdart blowdart blowdart approved these changes

@wtgodbe wtgodbe wtgodbe approved these changes

@Pilchie Pilchie Awaiting requested review from Pilchie

@Tratcher Tratcher Awaiting requested review from Tratcher Tratcher is a code owner

Assignees

@Tratcher Tratcher

Labels

area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer Servicing-consider Shiproom approval is required for the issue

Projects

None yet

Milestone

2.1.31

Development

Successfully merging this pull request may close these issues.

7 participants

@adityamandaleeka @blowdart @wtgodbe @Pilchie @Tratcher @dougbu