Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-02-26

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:33 aldaris joined #openam
00:33 pcypher joined #openam
01:03 pcypher joined #openam
01:31 pcypher joined #openam
01:57 pcypher joined #openam
02:29 pcypher joined #openam
05:52 ramteid joined #openam
06:46 msarmadi joined #openam
08:55 aldaris joined #openam
09:37 jjpp hi.,
09:37 aldaris hi
09:37 jjpp aldaris: from the top of your head.. is there a maximum length of session token (iplanetdirectorypro cookie value)?
09:37 aldaris whatever you do
09:37 aldaris don't do it
09:38 aldaris stateless sessions in 13 will make it pointless
09:38 aldaris the session cookies in 12 have some theoretical limit, but stateless session won't
09:39 jjpp well.. i'm not doing anything. but i would say that at the moment knowing that max length might be useful to estimate some memory usage for client apps or something to that effect
09:39 jjpp hm, okay. they are not stateless but the tokens are the state.. ? :)
09:40 aldaris stateless session -> nothing (or not much) stored on the server side
09:41 jjpp hm. killing session (eg to log out user) would be hard..?
09:41 jjpp they are optional, i guess?
09:41 aldaris I said not much :)
09:42 aldaris the logged out sessions will be stored somewhere
09:42 aldaris yes, will be optional
09:56 aldaris joined #openam
10:08 rghose joined #openam
10:08 rghose so sometimes I get logged into openam console as not admin user. any other user faced this issues
10:08 rghose issue ? *
10:18 Desmond joined #openam
10:19 Desmond1 joined #openam
10:24 KermitTheFragger joined #openam
10:44 aldaris joined #openam
10:50 ramteid joined #openam
11:09 aldaris1 joined #openam
11:25 aldaris joined #openam
11:27 aldaris balo: tag fixed
11:57 MegaMatt joined #openam
12:28 balo aldaris: thanks!
12:36 aldaris joined #openam
12:39 aldaris joined #openam
13:37 bohocode joined #openam
14:08 aldaris1 joined #openam
15:04 aldaris joined #openam
15:19 aldaris https://twitter.com/majorpetya/status/570965869867761664
15:36 balo Well written advisories
15:37 asyd indeed!
15:41 aldaris it only took a few days to get that all done
15:41 aldaris and thanks (blush)
15:42 penk joined #openam
15:44 penk heeeeeeelllp.  our opends changelogDb is eeeenormous
15:44 penk root@prod-sso-1:/opt/openamconfiguration/opends# du -hs changelogDb/
15:44 penk 42GchangelogDb/
15:44 penk how for we can stop that from happening?
15:45 aldaris you are using embedded for CTS aren't you
15:46 penk mmm, not sure what CTS is - but yes, using embedded.
15:46 aldaris session failover enabled?
15:47 penk yep.
15:47 aldaris then that's why
15:47 penk help me understand.  why is that making the directories stupidly large?
15:47 aldaris you may want to use an external directory for CTS (that stores the sessions)
15:47 aldaris the sessions are constantly changing
15:48 aldaris and the way they are modified is also a bit suboptimal
15:48 penk well, in our setup, we're using it for auth / session setup only.  once the sessions are passed via token to the app, the openam server is enver referenced.  our sessions are set to last only 30 seconds
15:48 aldaris you want to look at the replication purge delay setting for OpenDJ
15:49 aldaris the session timeout settings are stored in minutes, so doubt it's really 30 seconds
15:50 penk yep, you're right, my bad
15:50 penk it's set to 5 minutes
15:51 penk not sure where the replication setting in opendj is.  we're not really using opendj - we're using remote IDP's for session startup / creation
15:52 aldaris Google said: http://openam.forgerock.org/doc/webhelp/install-guide/cts-replication.html
15:52 MegaMatt Quick google search for “replication purge delay opendj"
15:52 JayD joined #openam
15:52 penk oooOoOooo
15:53 penk that looks like exactly what we want to change.
15:53 bohocode joined #openam
15:53 penk (jayd here is my office compatriot.  he's working on this problem with me)
15:55 penk okay, we're going to use dsconfig to shorten from 3 days to an hour or so.  the sessions are extremely short lived, so an hour should be fine
15:55 penk thanks guys :)
16:00 aldaris1 joined #openam
16:21 penk that change has caused the purge to start happening on that directory.  Thanks guys!
16:21 pcypher joined #openam
17:15 JayD THank you for all your help,
17:36 MegaMatt joined #openam
17:52 bohocode joined #openam
17:59 JayD left #openam
18:23 pcypher joined #openam
18:59 pcypher joined #openam
19:00 penk joined #openam
19:30 pcypher joined #openam
20:12 penk joined #openam
20:21 pcypher joined #openam
21:13 Desmond1 left #openam
21:51 aldaris joined #openam
21:56 balo there is 3.17.4 from mozilla NSS http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/
22:04 aldaris joined #openam
22:06 pcypher joined #openam
22:43 pcypher joined #openam
22:43 aldaris joined #openam
22:54 aldaris joined #openam
22:59 aldaris joined #openam
23:44 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary