How would I retrieve all valid sessions for a specific user? For example, if the user is logged in from multiple devices and decides to change password, or reset password. I need to be able to expire all active sessions and log the user out of all devices. This is especially important if the user is suspecting that his/her account has been compromised and needs to change the password. Currently I can retrieve RMEs but not sessions. I know this is doable from the UI but I need to put this feature in an SDK or API. Is there a curl command to easily achieve this?
Forgerock - OpenAM - retrieving all valid sessions for a specific user
1.2k Views Asked by Sarah A At
Sarah,
Currently there is no endpoint that will let you invalidate all user sessions. You would need the session token of each session and then call the /json/sessions/?_action=logout REST endpoint multiple times (once per session).
That being said, you can use the following class to get the list of sessions for a particular user:
You can read the javadoc here.
There are some constraints for using this method though. Session Quota must be enabled. You can enable Session Quota on the admin console by going to Configuration -> Global -> Session page and:
To sum up, you can create your own custom endpoint that will take the User ID and invoke SessionCount.getAllSessionsByUUID(uuid) to get the list of active sessions. After that, you can iterate through the list of sessions and invalidate them one by one.
Hope this answers your question.
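
The per-session logout loop described in the answer above, as an added shell example (not part of the original answer and not OpenAM's own tooling). It assumes a placeholder deployment URL, the default `iPlanetDirectoryPro` header name, and session tokens supplied one per line on stdin, for instance from the custom endpoint the answer proposes.

```shell
#!/bin/sh
# Added example: force-logout every session of one user, one REST call each.
# Assumptions: AM_URL is a placeholder, AM_HEADER is the default SSO token
# header name, and the tokens contain no double quotes or backslashes.

AM_URL="${AM_URL:-https://openam.example.com/openam}"
AM_HEADER="${AM_HEADER:-iPlanetDirectoryPro}"

# logout_session TOKEN
# Returns 0 if the server accepted the logout, non-zero otherwise.
logout_session() {
    # The token header is fed to curl as a config line on stdin, so the
    # session token never appears in the process argument list (ps output).
    printf 'header = "%s: %s"\n' "$AM_HEADER" "$1" |
        curl --silent --fail --config - \
             --request POST \
             --header 'Content-Type: application/json' \
             --data '{}' \
             "$AM_URL/json/sessions/?_action=logout" >/dev/null
}

# logout_all_sessions < tokens
# Reads one session token per line, logs each one out, prints a summary.
# A failed call (for example a session that already expired) is counted
# and the loop continues, so one stale token cannot leave others alive.
logout_all_sessions() {
    ok=0
    failed=0
    while IFS= read -r token; do
        [ -n "$token" ] || continue          # skip blank lines
        if logout_session "$token"; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))
        fi
    done
    echo "logged_out=$ok failed=$failed"
    [ "$failed" -eq 0 ]                      # non-zero exit if any call failed
}

# Usage: logout_all_sessions < tokens.txt
```

A non-zero exit means at least one session could not be confirmed as terminated, which is worth surfacing to the caller during a compromise-driven password reset.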