Session Extension API Does Not Extend Sub-Organization Sessions

[Pratheesha97]

Description

When authenticating users from a sub-organization, two sessions are created:

1. A session in the root organization, which acts as the effective session.
2. A session in the sub organization, created due to the underlying federation architecture.

However, when invoking the Session Extend API (/extend-session) [1] to extend the session for sub-organization users, only the session in the root organization gets extended. The session in the sub-organization remains unaffected.

If the sub-organization session eventually times out, it triggers a logout request to the root organization, terminating the root session as well. As a result, the session extension API becomes ineffective for sub-organization users, leading to unexpected session terminations.

Expected Behavior:

Session extension API should extend both the root and sub organization sessions to prevent premature session termination.

Steps to Reproduce

• Authenticate using a sub-organization user.
• Invoke the Session Extend API (/extend-session) [1] to extend the session.
• Observe that only the root organization session is extended, while the sub-organization session remains unchanged.

[1] - https://is.docs.wso2.com/en/latest/apis/idp-session-extender-endpoint/

Version

7.0.0

Environment Details (with versions)

No response