Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HPCC-16262 DOCS:Session Management #10987

Merged
merged 2 commits into from Apr 17, 2018

Conversation

Projects
None yet
6 participants
@g-pan
Copy link
Member

commented Mar 26, 2018

Fix HPCC-16262 DOCS:Session Management
Document new HPCC Session Management, also address HPCC-18904

@JamesDeFabia please review
@RussWhitehead please review

NOTE: For the file TheECLWatchMan.xml only material relevant to this issue is lines 124-153
(rest was inadvertently marked as changed after insertion of DNT tags for internationalization)

Signed-off-by: G-Pan greg.panagiotatos@lexisnexis.com

Type of change:

  • This change is a bug fix (non-breaking change which fixes an issue).
  • This change is a new feature (non-breaking change which adds functionality).
  • This change improves the code (refactor or other change that does not change the functionality)
  • This change fixes warnings (the fix does not alter the functionality or the generated code)
  • This change is a breaking change (fix or feature that will cause existing behavior to change).
  • This change alters the query API (existing queries will have to be recompiled)

Checklist:

  • My code follows the code style of this project.
    • My code does not create any new warnings from compiler, build system, or lint.
  • The commit message is properly formatted and free of typos.
    • The commit message title makes sense in a changelog, by itself.
    • The commit is signed.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly, or...
    • I have created a JIRA ticket to update the documentation.
    • Any new interfaces or exported functions are appropriately commented.
  • I have read the CONTRIBUTORS document.
  • The change has been fully tested:
    • I have added tests to cover my changes.
    • All new and existing tests passed.
    • I have checked that this change does not introduce memory leaks.
    • I have used Valgrind or similar tools to check for potential issues.
  • I have given due consideration to all of the following potential concerns:
    • Scalability
    • Performance
    • Security
    • Thread-safety
    • Premature optimization
    • Existing deployed queries will not be broken
    • This change fixes the problem, not just the symptom
    • The target branch of this pull request is appropriate for such a change.
  • There are no similar instances of the same problem that should be addressed
    • I have addressed them here
    • I have raised JIRA issues to address them separately
  • This is a user interface / front-end modification
    • I have tested my changes in multiple modern browsers
    • The component(s) render as expected

Testing:

Please see successful Doc test build: http://10.240.32.243/view/Docs%207.0/job/DocDev70/

@hpcc-jirabot

This comment has been minimized.

Copy link

commented Mar 26, 2018

@JamesDeFabia
Copy link
Contributor

left a comment

Comments inline


<para>The 7.0 release of HPCC Platform introduces the new ESP Session
Management security feature. For users this will function similar to
PeopleHub or banking applications, where you initially log in (to ECLWatch

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

No need to mention PeopleHub (an Oracle product)

<para>The 7.0 release of HPCC Platform introduces the new ESP Session
Management security feature. For users this will function similar to
PeopleHub or banking applications, where you initially log in (to ECLWatch
or the ECL IDE) and after a configurable period of inactivity you will be

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

Does the IDE lock after a time?

cookies and are shared across tabs and instances of each browser. Activity
in any instance will extend the entire session duration. Additionally, there
is a Logout menu item available so security conscious users can close their
session when they have completed their work.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

Additionally, a Logout menu option allows you to close your session when you are finished.

session last? </para>

<para><emphasis role="strong">A</emphasis>: This is configurable by
the HPCC (Administrator) Operations team, using the HPCC Configuration

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

no need to talk about our Operations Team.
You can configure this using Configuration Manager. The default setting is two hours of inactivity.

<para><emphasis role="strong">Q</emphasis>: Will I have to login to
ConfigManager?</para>

<para><emphasis role="strong">A</emphasis>: No. (out of scope)</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

out of scope?

expired password from the login screen?</para>

<para><emphasis role="strong">A</emphasis>: Yes, this behaves just like it
currently does. You will be prompted to enter the old and new

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

use present tense

to log in?</para>

<para><emphasis role="strong">A</emphasis>: Enter the same SDS credentials
you already use.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

SDS?


<para><emphasis role="strong">A</emphasis>: These secure protocols are
already available to be configured by an HPCC Administrator. Although not
required for session management, it is hoped that they are

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

it is hoped?


<listitem>
<para><emphasis role="strong">Q</emphasis>: Will my programmatic SOAP
calls utilizing ESP have any impact from the sessions?</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

impact from the sessions?

</listitem>

<listitem>
<para><emphasis role="strong">Q</emphasis>: When will I see the Session

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 27, 2018

Contributor

is this question valid since the docs are version 7?

@JamesDeFabia
Copy link
Contributor

left a comment

comment inline. In general, this is much better

account will get locked after a configurable period of
inactivity.</para>
logout available. You are able to log off, and if you do not your
account gets locked after a configurable period of inactivity.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 28, 2018

Contributor

the account gets locked?

@JamesDeFabia
Copy link
Contributor

left a comment

comments inline

<sect2>
<title>User Login</title>

<para>The first thing you encounter when starting a session in ECL

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 29, 2018

Contributor

When you open ECL Watch, a log in window displays.

</mediaobject>
</figure></para>

<para>You will login with the credentials supplied by your Systems

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 29, 2018

Contributor

Present tense


<para>You will login with the credentials supplied by your Systems
Administrator. After a configurable period of inactivity your ECL
Watch session will lock and you would need to enter your credentials

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Mar 29, 2018

Contributor

Active voice, present tense

@g-pan g-pan force-pushed the g-pan:H16262-SMgmt branch from 3f90e4b to 99e6b4b Mar 29, 2018

@RussWhitehead
Copy link
Member

left a comment

Some comments

<para><emphasis role="strong">Q</emphasis>: What credentials should I
use to login with?</para>

<para><emphasis role="strong">A</emphasis>: (TBD) Use your assigned

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

Why is this TBD ?

expires?</para>

<para><emphasis role="strong">A</emphasis>: This depends on your
system policies. If your password does expire, you will be presented a

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

"This depends on your system policies and the configured security manager"


<para><emphasis role="strong">A</emphasis>: No. They function exactly
the same as before session management.</para>
</listitem>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

This is only true if ESP is not configured for "AuthTypeSessionOnly." Confirm with Kevin

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 9, 2018

Member

Still wrong

ECLWatch reset the session expiration timer?</para>

<para><emphasis role="strong">A</emphasis>: No. Only user initiated
actions extend the timeout.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

Might want to mention somewhere that scrolling a window does NOT reset the timeout. Only mouse clicks and key presses

</listitem>

<listitem>
<para><emphasis role="strong">Q</emphasis>: Which credentials should I

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

Didn't you ask this question above?

calls utilizing ESP have any impact?</para>

<para><emphasis role="strong">A</emphasis>: No. Programmatic SOAP
calls continue to operate as they do now.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

Not true if "AuthTypeSessionOnly". Confirm with Kevin

Session Management changes?</para>

<para><emphasis role="strong">A</emphasis>: Session Management will be
included as part of HPCC Version 7.0.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

.. and must be configured by your HPCC Admin

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 9, 2018

Member

Still wrong

of LexisNexis Risk Data Management Inc.</para>
<para><!-- DNT-Start -->HPCC<!-- DNT-End -->
Systems<superscript>®</superscript> is a registered trademark of
LexisNexis Risk Data Management Inc.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

I am not familiar with "LexisNexis Risk Data Management Inc". Are we sure about this?

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 2, 2018

Contributor

LexisNexis Risk Data Management Inc is correct. I just reconfirmed from the internal trademark list to be sure.

Administrator. After a configurable period of inactivity your ECL
Watch session locks and you need to enter your credentials to unlock
and resume your session. The session remains active for as long as
there is regular interaction.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

as long as there is regular keyboard and mouse interaction

there is regular interaction.</para>

<para>Additionally, there is a Logout menu item available you can
close your session when you complete your work.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Mar 30, 2018

Member

Additionally, there is a Logout menu item available you can "CLICK TO" close your session when you complete your work

@JamesDeFabia
Copy link
Contributor

left a comment

comments inline

actions extend the timeout.</para>
<para><emphasis role="strong">A</emphasis>: No. Only active
interactions like mouse clicks and pressing keys extend the timeout.
Note scrolling does not extend the expiration timer. </para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 3, 2018

Contributor

What is note scrolling?

@@ -138,10 +138,10 @@
Administrator. After a configurable period of inactivity your ECL
Watch session locks and you need to enter your credentials to unlock
and resume your session. The session remains active for as long as
there is regular interaction.</para>
there is regular keyboard and mouse interaction.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 3, 2018

Contributor

keyboard or mouse


<para>Additionally, there is a Logout menu item available you can
close your session when you complete your work.</para>
click on and close your session when you complete your work.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 3, 2018

Contributor

Additionally, there is a Logout menu item available you can select to close your session when you complete your work

@g-pan g-pan force-pushed the g-pan:H16262-SMgmt branch from 74ea393 to 14747f3 Apr 9, 2018

@g-pan

This comment has been minimized.

Copy link
Member Author

commented Apr 9, 2018

@RussWhitehead please review revisions


<para><emphasis role="strong">A</emphasis>: No. They function exactly
the same as before session management.</para>
</listitem>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 9, 2018

Member

Still wrong

Session Management changes?</para>

<para><emphasis role="strong">A</emphasis>: Session Management will be
included as part of HPCC Version 7.0.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 9, 2018

Member

Still wrong

@g-pan

This comment has been minimized.

Copy link
Member Author

commented Apr 11, 2018

@RussWhitehead please review latest changes

@RussWhitehead

This comment has been minimized.

Copy link
Member

commented Apr 11, 2018

@g-pan Looks good

@JamesDeFabia
Copy link
Contributor

left a comment

comments inline


<listitem>
<para><emphasis role="strong">Q</emphasis>: Will I have to login to
ConfigManager?</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

Configuration Manager


<para><emphasis role="strong">A</emphasis>: Yes, there is a link to
logout available. You are able to log off, and if you do not your
account locks after a configurable period of inactivity.</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

Your account doesn't lock, your session does

<listitem>
<para><emphasis role="strong">Q</emphasis>: Will I be able to log in
as a different user?</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

Duplicate question

This comment has been minimized.

Copy link
@g-pan

g-pan Apr 11, 2018

Author Member

Not really. This is very similar, but not the same.

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 13, 2018

Contributor

Now that you have changed the order, it works


<listitem>
<para><emphasis role="strong">Q</emphasis>: Is there any option to not
time out from inactivity?</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

these two questions are almost the same and would be better combined

<para><emphasis role="strong">A</emphasis>: Possibly. If you have
configured AuthPerSessionOnly then some command line utilities may not
function the same as before session management.</para>
</listitem>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

Different how?

<listitem>
<para><emphasis role="strong">Q</emphasis>: Does auto refresh in
ECLWatch reset the session expiration timer?</para>

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

Duplicate question

<para><emphasis role="strong">Q</emphasis>: Will I be able to change
an expired password from the login screen?</para>

<para><emphasis role="strong">A</emphasis>: Yes, this behaves just as

This comment has been minimized.

Copy link
@JamesDeFabia

JamesDeFabia Apr 11, 2018

Contributor

If your password is expired, you are redirected to a page that allows you to reset it

HPCC-16262 DOCS:Session Management
Fix HPCC-16262 DOCS:Session Management
Document new HPCC Session Management...
also address HPCC-18904

Signed-off-by: G-Pan <greg.panagiotatos@lexisnexis.com>

@g-pan g-pan force-pushed the g-pan:H16262-SMgmt branch from a80e924 to b96ea9c Apr 11, 2018

@g-pan

This comment has been minimized.

Copy link
Member Author

commented Apr 12, 2018

@RussWhitehead please review @JamesDeFabia please review

<para><emphasis role="strong">Q</emphasis>: How long will an inactive
session last?</para>

<para><emphasis role="strong">A</emphasis>: You can configure this

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 12, 2018

Member

An HPCC Admin can configure this....

<para><emphasis role="strong">A</emphasis>: Possibly. If you have
configured AuthPerSessionOnly then command line utilities will not
work. If AuthPerSessionOnly is not enabled then command line utilities
will not be effected.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 12, 2018

Member

Please confirm this with Kevin

<listitem>
<para><emphasis role="strong">Q</emphasis>: If I am logged in to the
same account using multiple tabs in a browser, or multiple instances
of the same browser, can I get logged out of one but not the

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 12, 2018

Member

How do you "get logged out"?

out?</para>

<para><emphasis role="strong">A</emphasis>: Yes. The intent is to lock
your session and not completely log you out. Therefore logging back in

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 12, 2018

Member

"logging back in" is inaccurate since you are not logged out.

<para><emphasis role="strong">A</emphasis>: Maybe. If you have
configured AuthPerSessionOnly then SOAP calls will not work. If your
system is not configured that way, then programmatic SOAP calls
continue to operate as they do now.</para>

This comment has been minimized.

Copy link
@RussWhitehead

RussWhitehead Apr 12, 2018

Member

Confirm with Kevin

HPCC-16262 DOCS:Session Management
Fix HPCC-16262 DOCS:Session Management
Document new HPCC Session Management...
also address HPCC-18904

Signed-off-by: G-Pan <greg.panagiotatos@lexisnexis.com>
@g-pan

This comment has been minimized.

Copy link
Member Author

commented Apr 12, 2018

@RussWhitehead please re-review. (all CLI statements confirmed with Kevin)

@RussWhitehead

This comment has been minimized.

Copy link
Member

commented Apr 12, 2018

@g-pan Looks good

@HPCCSmoketest

This comment has been minimized.

Copy link
Contributor

commented Apr 12, 2018

Automated Smoketest:
OS: centos 7.2.1511 (Linux 3.10.0-327.28.3.el7.x86_64)
Sha: c8c23d6
Build: success
Install hpccsystems-platform-community_6.5.0-trunk0.el7.x86_64.rpm
HPCC Start: OK

Unit tests result:

Test total passed failed errors timeout
unittest 85 85 0 0 0
wutoolTest(Dali) 19 19 0 0 0
wutoolTest(Cassandra) 19 19 0 0 0

Regression test result:

phase total pass fail
setup (hthor) 11 11 0
setup (thor) 11 11 0
setup (roxie) 11 11 0
test (hthor) 759 759 0
test (thor) 686 686 0
test (roxie) 799 799 0

HPCC Stop: OK
HPCC Uninstall: OK
Time stats:

Prep time Build time Package time Install time Start time Test time Stop time Summary
13 sec (00:00:13) 544 sec (00:09:04) 160 sec (00:02:40) 6 sec (00:00:06) 21 sec (00:00:21) 1129 sec (00:18:49) 16 sec (00:00:16) 1889 sec (00:31:29)
@JamesDeFabia
Copy link
Contributor

left a comment

Looks good now

@richardkchapman richardkchapman merged commit 4db464b into hpcc-systems:master Apr 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.