  1. OpenAM
  2. OPENAM-3253

XUI: sunIdentityUserPassword not set in com.sun.identity.authentication.spi.ReplayPasswd

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 12.0.0
    • Fix Version/s: 12.0.3, 13.0.0
    • Component/s: XUI
    • Environment:
      OpenAM-12.0.0-SNAPSHOT_nightly_20131016.zip
      Centos, JDK 1.7
    • Sprint:
      Sprint 76 - Team Tesla, Sprint 77 - Team Tesla, Sprint 84 - Sustaining, Sustaining Sprint 10, Sustaining Sprint 11

      Description

      Following OpenIG docs to set up password capture replay in http://openig.forgerock.org/doc/gateway-guide/index.html#chap-customizing

      If the user logs in via XUI, the sunIdentityUserPassword value is not set in com.sun.identity.authentication.spi.ReplayPasswd module. The module executes OK - but the attribute is not set.

      If XUI is disabled, it works as expected.

      This could be due to XUI not setting IDToken2.

      Steps To Reproduce/Test:

      1) Follow steps to set up OpenAM ReplayPassword from OpenIG docs:
      In the OpenAM console under Access Control > / (Top Level Realm) > Authentication, click All Core Settings, and then add com.sun.identity.authentication.spi.ReplayPasswd to the Authentication Post Processing Classes.

      2) Run OpenAM's com.sun.identity.common.DESGenKey command to generate a shared key for plugin and set - Configuration > Servers and Sites, click on the server name link, go to the Advanced tab and add com.sun.am.replaypasswd.key.

      3) Use the REST authentication and attribute endpoints to check.
      a) curl -v --request POST --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: changeit" --header "Content-Type: application/json" --data "{}" http://openam-local.example.com:8080/openam/json/authenticate
      b) curl "http://openam-local.example.com:8080/openam/identity/attributes?subjectid=AQIC..&attributenames=sunIdentityUserPassword"

      The encrypted password property should be visible when fixed e.g.
      userdetails.attribute.name=sunIdentityUserPassword
      userdetails.attribute.value==RDi4ZhlotCP3knK6W3ZOMw==
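
      A regression check for step 3b, added here as an example (not part of the original report or of OpenAM's code): it parses the attributes response and reports whether sunIdentityUserPassword came back. The sample bodies and the function names are constructed, and the multiple-of-8-bytes test assumes the value is a base64-encoded DES ciphertext.

```python
import base64
import binascii

ATTR = "sunIdentityUserPassword"

# Constructed sample bodies in the identity/attributes text format shown above.
SAMPLE_FIXED = """\
userdetails.token.id=AQIC-constructed-token
userdetails.attribute.name=uid
userdetails.attribute.value=demo
userdetails.attribute.name=sunIdentityUserPassword
userdetails.attribute.value=AAECAwQFBgcICQoLDA0ODw==
"""
SAMPLE_BROKEN = """\
userdetails.token.id=AQIC-constructed-token
userdetails.attribute.name=uid
userdetails.attribute.value=demo
"""


def parse_attributes(body):
    """Map each attribute name to the list of values that follow it."""
    attrs, current = {}, None
    for line in body.splitlines():
        # Split on the first '=' only, so base64 padding in the value survives.
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        if key == "userdetails.attribute.name":
            current = attrs.setdefault(value, [])
        elif key == "userdetails.attribute.value" and current is not None:
            current.append(value)
    return attrs


def replay_password_state(body):
    """Return 'missing', 'malformed' or 'present' for the captured password."""
    values = parse_attributes(body).get(ATTR, [])
    if not values or not values[0]:
        return "missing"
    try:
        raw = base64.b64decode(values[0], validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    # Assumption: DES ciphertext, so the length is a non-zero multiple of 8.
    return "present" if raw and len(raw) % 8 == 0 else "malformed"
```

      A "malformed" result is worth treating as a failure too, since it would mean the attribute holds something other than the encrypted form.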

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                warren.strange@forgerock.com Warren Strange

                  Time Tracking

                  Estimated: 5h
                  Remaining: 0h
                  Logged: 9h