000030257 - RSA Federated Identity Manager: Session Plugin does not clean up temporary user created by the transient nameID plugin

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jun 26, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030257
Applies ToRSA Product Set: Federated Identity Manager
RSA Product/Service Type: Federated Identity Management Module
RSA Version/Condition: 4.2
Platform: Windows
 
IssueThe FIM Session Plugin does not clean up temporary user created by the transient nameID plugin.

The following messages should occur in the FIM system.log file when the CTSession Cleanup thread runs.
 

2015-05-14 14:21:41,141, (CTSessionCleanupThread.java:61), WIN-505ATCFECED, , , , Cleaning up ct temporary users created by the CT session plug-in.
2015-05-14 14:21:41,402, (CTPluginHelper.java:453), WIN-505ATCFECED, , , , Started Deleting users
2015-05-14 14:21:41,437, (CTPluginHelper.java:459), WIN-505ATCFECED, , , , Time taken for deleting 1users:35ms
2015-05-14 14:21:41,438, (CTPluginHelper.java:460), WIN-505ATCFECED, , , , Time taken for deleting 1users:0sec
2015-05-14 14:21:41,442, (CTPluginHelper.java:453), WIN-505ATCFECED, , , , Started Deleting users
2015-05-14 14:21:41,442, (CTPluginHelper.java:459), WIN-505ATCFECED, , , , Time taken for deleting 0users:0ms
2015-05-14 14:21:41,442, (CTPluginHelper.java:460), WIN-505ATCFECED, , , , Time taken for deleting 0users:0sec
2015-05-14 14:21:41,442, (CTSessionCleanupThread.java:59), WIN-505ATCFECED, , , , Sleeping for 86400000 ms.



If these events are not logged then the cleanup thread may not have run.
CauseNote that changes to the frequency of the cleanup thread in the CTSession plugin only take effect when the pluign is loaded, either by selecting "reload" in the FIM console, or when the server is started. If a new CTSession plugin is created, or an existing CTSesssion plugin is edited, these settings may not take effect.

In addition, even if the CTSession plugin is reloaded, if an existing CTSessionCleanupThread is currently sleeping, the new cleanup interval will not take effect until the existing thread sleep interval has expired. 

Also note that if any error occurs that prevents the CTSession plugin from being loaded, the cleanup thread will not be started. 
WorkaroundIf you wish to ensure that changes to the CTSession plugin temporary user cleanup thread for the users created by the transient nameID plugin are being used, restart the FIM server.

Attachments

    Outcomes