  1. OpenAM Agents
  2. AMAGENTS-3051

Agent is enforcing case sensitivity for agent_realm parameter in the jwt id_token received from AM


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0, 5.5.0.0, 5.6.1.0
    • Fix Version/s: 5.6.2.2, 5.7.0
    • Component/s: Web Agents

      Description

      ForgeRock AM treats realms as case insensitive. One cannot create /customers realm if /Customers is already created. A call to AM will return results if you use /customers or /Customers, and the XUI will maintain the realm case that you specified when coming to it.

      The Web Agent should not force case sensitivity for realm or agent_realm.

      If, for whatever reason, AM returns the agent_realm in the JWT id_token in a different case than what the Agent is configured under, it will return an error like this, agent_realm does not have the expected value:

      2019-10-30 15:19:54 Central Standard Time DEBUG   [d9102e07-2886-ca0d-2979-d6b7d2dc270a]: (source/oidc.c:265) *agent_realm does not have the expected value*: JWT {"sub":"david.bate@forgerock.com","auditTrackingId":"b5545a24-c40c-43df-89e0-71ea65ba5e95-263546","iss":"https://uat-login.forgerock.com:443/am/oauth2/realms/root/realms/customers","tokenName":"id_token","nonce":"438FF4D51023B2A9A5AA45ED02F44CBF","aud":"AccessOnline-Demo-Ext","acr":"0","azp":"AccessOnline-Demo-Ext","auth_time":1572448794,"forgerock":{"ssotoken":"5ZQnVHovj-snAcK81Bflv0z9JlA.*AAJTSQACMDIAAlNLABxkZXdPeHFzYzFsZkFIeW9SakMzbTlGY2lMcDQ9AAR0eXBlAANDVFMAAlMxAAIwNA..*","suid":"b5545a24-c40c-43df-89e0-71ea65ba5e95-263527"},"realm":"/customers","exp":1572455995,"tokenType":"JWTToken","iat":1572448795,"agent_realm":"/customers"}
      

      Even though the realm was created as /Customers and the agent is configured with /Customers for the realm, it shouldn't matter the case of the realm or agent_realm that comes back.
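
The comparison the report asks for, as an added example (not the agent's own code from source/oidc.c): the strict check rejects the `/customers` claim against a `/Customers` configuration, while an ASCII case-insensitive check accepts it and still rejects a different or longer realm. The function names and the `/employees` and `/customers2` values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locale-independent ASCII lower-casing, so the result does not change
 * with the process locale the way tolower() can. */
static int ascii_lower(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Strict comparison: the behaviour described in the report. */
static int realm_matches_strict(const char *configured, const char *claim) {
    if (configured == NULL || claim == NULL)
        return 0;
    return strcmp(configured, claim) == 0;
}

/* Case-insensitive comparison over the whole string. A missing claim
 * never matches, and both strings must end at the same position so a
 * prefix or longer realm name is not accepted. */
static int realm_matches_nocase(const char *configured, const char *claim) {
    size_t i;
    if (configured == NULL || claim == NULL)
        return 0;
    for (i = 0; configured[i] != '\0' && claim[i] != '\0'; i++) {
        if (ascii_lower((unsigned char)configured[i]) !=
            ascii_lower((unsigned char)claim[i]))
            return 0;
    }
    return configured[i] == '\0' && claim[i] == '\0';
}

int main(void) {
    const char *configured = "/Customers";   /* agent configuration, from the report */
    const char *claims[] = { "/customers", "/Customers", "/customers2", "/employees" };
    size_t i;
    for (i = 0; i < sizeof(claims) / sizeof(claims[0]); i++) {
        printf("%-12s strict=%d nocase=%d\n", claims[i],
               realm_matches_strict(configured, claims[i]),
               realm_matches_nocase(configured, claims[i]));
    }
    return 0;
}
```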

            People

            Assignee:
            alex.levin@forgerock.com Alex Levin
            Reporter:
            david.bate David Bate