  1. OpenAM
  2. OPENAM-10802

bugs caused by hard coded amadmin check in admincheck.jsp and AjaxProxy.jsp

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 12.0.0, 13.0.0, 13.5.0, 7.0.0
    • None
    • console, XUI
    • None

    Description

      Overview

      There are hard coded checks to see whether the user is amadmin in the following files:

      WEB-INF/jsp/admincheck.jsp
      console/ajax/AjaxProxy.jsp

      Instead, these should check whether a user is an administrative user by checking delegated privileges. This will reduce the need for customers to use the amadmin account.

      Detail

      The following administrative jsp pages are only available to amadmin because of admincheck.jsp:

      • Debug.jsp
      • encode.jsp
      • showServerConfig.jsp
      • services.jsp
      • ssoadm.jsp

      Most workflow tasks triggered from the realm common tasks page can only be executed by amadmin because of the hard coded amadmin check in AjaxProxy.jsp:

      • Configure SAMLv2 Provider
      • Configure OAuth Provider
      • Create Fedlet
      • Configure Google Apps
      • Configure Salesforce CRM
      • Configure social authentication

      Screenshots are attached showing examples of how these fail when using an administrative OpenAM account with full privileges.
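
The difference between the two kinds of check described above, as an added example that is not OpenAM code: the `User` record, the `REALM_ADMIN` privilege name and the sample accounts are constructed for illustration, and the name comparison is a simplified model of the hard-coded check.

```java
import java.util.Map;
import java.util.Set;

public class AdminPageGuard {
    // Hypothetical model of an authenticated user: a login name plus the
    // privileges delegated to that user (directly or through groups).
    record User(String name, Set<String> privileges) {}

    // Constructed privilege name; a real deployment would use the product's
    // own delegation privilege identifiers.
    static final String REALM_ADMIN = "REALM_ADMIN";

    // Pages named in the issue, each mapped to the privilege it requires.
    static final Map<String, String> REQUIRED = Map.of(
        "Debug.jsp", REALM_ADMIN,
        "encode.jsp", REALM_ADMIN,
        "showServerConfig.jsp", REALM_ADMIN,
        "services.jsp", REALM_ADMIN,
        "ssoadm.jsp", REALM_ADMIN);

    // Before: access depends on the account name, so every administrator
    // except the single built-in account is rejected.
    static boolean allowedByName(User u, String page) {
        return u != null && "amadmin".equalsIgnoreCase(u.name());
    }

    // After: access depends on a delegated privilege. Unknown pages and
    // users without the privilege are denied by default.
    static boolean allowedByPrivilege(User u, String page) {
        String needed = REQUIRED.get(page);
        return u != null && needed != null && u.privileges().contains(needed);
    }

    public static void main(String[] args) {
        User builtin = new User("amadmin", Set.of(REALM_ADMIN));
        User delegated = new User("opsadmin", Set.of(REALM_ADMIN)); // constructed
        User regular = new User("demo", Set.of());                  // constructed
        for (User u : new User[] {builtin, delegated, regular}) {
            System.out.printf("%-9s byName=%-5b byPrivilege=%b%n", u.name(),
                allowedByName(u, "ssoadm.jsp"), allowedByPrivilege(u, "ssoadm.jsp"));
        }
    }
}
```

The delegated administrator is rejected by the name check and accepted by the privilege check, while the unprivileged account is rejected by both.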

      Attachments

        1. OpenAM.png (75 kB)
        2. OpenAM.png (113 kB)

            People

              Unassigned Unassigned
              simon.harding Simon Harding