Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-759

C Agent 5 does not handle session upgrade

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: 5.0.0.0
    • Component/s: Web Agents
    • Environment:
       Ubuntu 14 / Apache 2.4 / Version: 5.0.0-SNAPSHOT, Revision: e62147a, Build date: Jul 11 2017 13:47:14

      Description

      C Agent 5 does not handle session upgrade.

      Steps To Reproduce

      1.) Create a new DataStore auth. module with AuthLevel=2, e.g: sessionUpgradeModule
      2.) Create a new chain (sessionUpgradeChain) and add module from step 1 to this chain
      3.) Create a policy 1 for /index.html page
      4.) Create a policy 2 for /cgi-bin/show.cgi page(can be different, it is only example) with policy condition "Authentication by Module Chain" and set sessionUpgradeChains as a value
      5.) Hit the index.page and login with demo user = session was created for default auth level = 1 and as AuthModule was used DataStore
      6.) Hit the page /cgi-bin/show.cgi

      Observed Result

      403 Forbidden

      Expected Result

      You should be redirected to AM login page via auth. chain (service) sessionUpgradeChain. After login you will be able to see protected page by policy 2

      If you look into session properties in LDAP you can see that session was upgraded:

      • "AuthType":"/:sessionUpgradeModule|DataStore"
      • "Service":"/:sessionUpgradechain|ldapService"
      • "AuthLevel":"/:2"

      This is regression compare to 4.1.0 agent

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              nick.james Nicholas James
              Reporter:
              richard.hruza Richard Hruza
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: