Fix ssoadm dsameuser SSO token cleanup (WrenSecurity#141)

openam-core/src/main/java/com/iplanet/sso/providers/dpro/SSOProviderImpl.java

@@ -28,6 +28,7 @@
 
 /**
  * Portions copyright 2013-2016 ForgeRock AS.
+ * Portions Copyright 2023 Wren Security.
  */
 package com.iplanet.sso.providers.dpro;
 
@@ -340,7 +341,7 @@ public void destroyToken(SSOToken token) throws SSOException {
             SSOTokenID tokenid = token.getTokenID();
             String id = tokenid.toString();
             SessionID sessid = new SessionID(id);
-            Session session = sessionCache.getSession(sessid);
+            Session session = sessionCache.getSession(sessid, true);
             session.destroySession(session);
         } catch (Exception e) {
             if (debug.messageEnabled()) {

openam-core/src/main/java/com/sun/identity/security/AdminTokenAction.java

@@ -178,13 +178,12 @@ public static void reset() {
     }
 
     private void resetInstance() {
-        if (appSSOToken != null) {
-            // XXX Temporarily disabled to workaround unavailable CTS token store issue (see https://github.com/WrenSecurity/wrenam/issues/63)
-            // try {
-            //     getInstance().tokenManager.destroyToken(appSSOToken);
-            // } catch (SSOException ssoe) {
-            //     debug.error("AdminTokenAction.reset: cannot destroy appSSOToken.", ssoe);
-            // }
+        if (appSSOToken != null && !SystemProperties.isServerMode()) {
+             try {
+                 getInstance().tokenManager.destroyToken(appSSOToken);
+             } catch (SSOException ssoe) {
+                 debug.error("AdminTokenAction.reset: cannot destroy appSSOToken.", ssoe);
+             }
             appSSOToken = null;
         }
         internalAppSSOToken = null;