OpenAM Agents / AMAGENTS-2385

com.sun.identity.agents.config.organization.name needs to have a forward slash for a sub-realm entry

    Details

      Description

      Bug description

      com.sun.identity.agents.config.organization.name needs to have a forward slash for a sub-realm entry

      How to reproduce the issue

      The entry com.sun.identity.agents.config.organization.name contains a value without a forward slash

      e.g. com.sun.identity.agents.config.organization.name = TTActiveDirectory

       

      Expected behaviour
      Authentication is successful
      Current behaviour
      403 is encountered with the following error "agent_realm does not have the expected value: JWT"
      
      2019-01-09 07:13:34 GMT DEBUG   [ccfea4ec-8ee5-444d-bc4f-0360b9952af1]: (source/oidc.c:421) JWT {"sub":"amadmin","auditTrackingId":"549e61bb-db3f-4f91-afa8-84889642def0-28539","iss":"http://openam.internal.example.com:8080/openam/oauth2","tokenName":"id_token","nonce":"BCF3F2FE083D0F5B81F8E854085DC134","aud":"webagent","acr":"0","s_hash":"zi7yxrRmmC_cL-fmB-C5-g","azp":"webagent","auth_time":1547018012,"forgerock":{"ssotoken":"PO4V_c7JG-K8pQnTaXy-SxYxBBE.*AAJTSQACMDEAAlNLABxQb2FvSjhZT2pTZHkxNUczbkQ3VEFEaEljNzg9AAR0eXBlAANDVFMAAlMxAAA.*","suid":"549e61bb-db3f-4f91-afa8-84889642def0-28443"},"realm":"/","exp":1547025212,"tokenType":"JWTToken","iat":1547018012,"agent_realm":"/TTActiveDirectory"}
      2019-01-09 07:13:34 GMT DEBUG   [ccfea4ec-8ee5-444d-bc4f-0360b9952af1]: (source/oidc.c:271) agent_realm does not have the expected value: JWT {"sub":"amadmin","auditTrackingId":"549e61bb-db3f-4f91-afa8-84889642def0-28539","iss":"http://openam.internal.example.com:8080/openam/oauth2","tokenName":"id_token","nonce":"BCF3F2FE083D0F5B81F8E854085DC134","aud":"webagent","acr":"0","s_hash":"zi7yxrRmmC_cL-fmB-C5-g","azp":"webagent","auth_time":1547018012,"forgerock":{"ssotoken":"PO4V_c7JG-K8pQnTaXy-SxYxBBE.*AAJTSQACMDEAAlNLABxQb2FvSjhZT2pTZHkxNUczbkQ3VEFEaEljNzg9AAR0eXBlAANDVFMAAlMxAAA.*","suid":"549e61bb-db3f-4f91-afa8-84889642def0-28443"},"realm":"/","exp":1547025212,"tokenType":"JWTToken","iat":1547018012,"agent_realm":"/TTActiveDirectory"}
      2019-01-09 07:13:34 GMT WARNING [ccfea4ec-8ee5-444d-bc4f-0360b9952af1]: redirect_after_authn(): unable to validate JWT
      2019-01-09 07:13:34 GMT DEBUG   [ccfea4ec-8ee5-444d-bc4f-0360b9952af1]: (source/apache/agent.c:889) amagent_auth_handler(): exit status: forbidden (3)
      
      

      Work around

      Use a forward slash

      com.sun.identity.agents.config.organization.name= /TTActiveDirectory
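
      A configuration check for this condition, added here as an example (it is not OpenAM agent code): it compares the configured realm with the agent_realm claim and separates a slash-only difference from a genuinely different realm. It assumes the agent expects an exact string match, as the log above suggests; the function names and the sample configuration text are hypothetical.

```python
import json

REALM_KEY = "com.sun.identity.agents.config.organization.name"

def read_property(conf_text, key):
    """Return the value of `key` from properties-style text, or None."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == key:
            return value.strip()
    return None

def check_realm(conf_text, claims):
    """Classify the configured realm against the token's agent_realm claim."""
    configured = read_property(conf_text, REALM_KEY)
    claim = claims.get("agent_realm")
    if configured is None or claim is None:
        return ("missing", None)
    if configured == claim:
        return ("ok", None)
    # Same realm path once leading/trailing slashes are normalised:
    # a configuration typo, fixable by writing the value as the claim has it.
    if "/" + configured.strip("/") == "/" + claim.strip("/"):
        return ("slash-mismatch", f"{REALM_KEY} = {claim}")
    # A genuinely different realm: the token should still be rejected.
    return ("mismatch", None)

# Claims trimmed from the id_token logged on this page.
CLAIMS = json.loads('{"sub": "amadmin", "aud": "webagent", "realm": "/", '
                    '"agent_realm": "/TTActiveDirectory"}')
# Constructed agent configuration snippets (assumed properties format).
BROKEN = "# constructed sample\n" + REALM_KEY + " = TTActiveDirectory\n"
FIXED = REALM_KEY + "= /TTActiveDirectory\n"
OTHER = REALM_KEY + " = /Customers\n"

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("other", OTHER)):
        print(label, check_realm(conf, CLAIMS))
```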

            People

            • Assignee:
              mareks Mareks Malnacs
              Reporter:
              sam.phua Sam Phua
              QA Assignee:
              Richard Hruza