Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 1.6.0
- None
- None
Description
Steps to reproduce:
- configure Knox's performance test tool as follows:
  - perf.test.usecase.knoxtoken.numOfThreads = 20
  - perf.test.usecase.knoxtoken.topology.gateway=homepage
  - perf.test.usecase.knoxtoken.requestDelayLowerBoundInSecs=1
  - perf.test.usecase.knoxtoken.requestDelayUpperBoundInSecs=3
- run the tool
Observation: Knox allows more than 10 tokens to be created for the guest user. This should not be the case because the default token limit is 10.
RCA:
There is a gap between the token limit check and the actual place where the token metadata is saved in the underlying token backend. Thus, when several threads are acquiring tokens at the same time, the flow lets this check pass and Knox continues to create the token.
Additional information:
This issue cannot be reproduced by generating tokens on the Token Generation page, since it requires a multi-threaded and highly concurrent environment to happen.
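Added example (not Knox code and not part of the original report): a minimal model of the check-then-save gap described in the RCA, next to a variant where the limit check and the save are one atomic step. TokenStore, issueRacy, issueAtomic and the 50 ms delay are hypothetical names and values chosen for illustration; the limit of 10 and the 20 threads come from the report.

```java
import java.util.*;
import java.util.concurrent.*;
// Added illustration. TokenStore is a hypothetical in-memory stand-in, not a Knox class.
public class TokenLimitRace {
    static final int LIMIT = 10;    // default per-user token limit from the report
    static final int THREADS = 20;  // numOfThreads from the perf test configuration

    static class TokenStore {
        private final Map<String, Set<String>> tokens = new ConcurrentHashMap<>();
        int count(String user) { return tokens.getOrDefault(user, Set.of()).size(); }

        // Check, then save: every thread can pass the check before any save lands.
        boolean issueRacy(String user) throws InterruptedException {
            if (count(user) >= LIMIT) return false;
            Thread.sleep(50); // constructed delay modelling the backend write latency
            tokens.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet())
                  .add(UUID.randomUUID().toString());
            return true;
        }

        // Check and save as one step: compute() is atomic per key.
        boolean issueAtomic(String user) {
            boolean[] issued = {false};
            tokens.compute(user, (u, set) -> {
                Set<String> s = (set == null) ? ConcurrentHashMap.newKeySet() : set;
                if (s.size() < LIMIT) issued[0] = s.add(UUID.randomUUID().toString());
                return s;
            });
            return issued[0];
        }
    }

    // Starts THREADS concurrent requests for "guest" and returns the stored token count.
    static int run(TokenStore store, Callable<Boolean> request) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(THREADS);
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < THREADS; i++)
            pool.submit(() -> { start.await(); return request.call(); });
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return store.count("guest");
    }

    public static void main(String[] args) throws Exception {
        TokenStore racy = new TokenStore(), atomic = new TokenStore();
        System.out.println("check-then-save: " + run(racy, () -> racy.issueRacy("guest")));
        System.out.println("atomic:          " + run(atomic, () -> atomic.issueAtomic("guest")));
    }
}
```

The atomic variant only holds within one process; when several gateway instances share a token backend, the limit has to be enforced atomically in that backend.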