Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10934

Authentication succeeds although DeviceIDSave module fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2
    • Fix Version/s: 6.0.0, 5.5.2
    • Component/s: None
    • Labels:
    • Environment:
      Mac OS X 10.11.6

      java version "1.7.0_76"
      Java(TM) SE Runtime Environment (build 1.7.0_76-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 24.76-b04, mixed mode)

      Apache Tomcat/8.0.24

      OpenAM 12.0.2
    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 41, AM Sustaining Sprint 42, AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46, AM Sustaining Sprint 47, AM Sustaining Sprint 48, AM Sustaining Sprint 49, AM Sustaining Sprint 50
    • Story Points:
      2
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Configure two-factor auth chain with DeviceIdPrint modules

      Authentication Configuration's entries:
      [name=LDAP] [flag=REQUISITE] [options=]
      [name=DeviceIdMatch] [flag=SUFFICIENT] [options=]
      [name=HOTP] [flag=REQUISITE] [options=]
      [name=DeviceIdSave] [flag=REQUIRED] [options=]
      

      perform service-based auth via

      http://openam1202.test.xyz:8080/openam/XUI/#login/&authIndexType=service&authIndexValue=twoFactor

      Although DeviceIdSave module fails with

      amAuthDeviceIdSave:03/21/2017 12:02:58:425 PM CET: Thread[http-nio-8080-exec-1,5,main]
      ERROR: Cannot get User's Device Print Profiles attribute. java.lang.NullPointerException
      

      the whole authentication is successful due to ProfilePersister.saveDevicePrint() not propagating any exception

      ProfilePersister.saveDevicePrint(...)
              void saveDevicePrint(String name, Map<String, Object> devicePrint) {
      
                  try {
                      List<Map<String, Object>> profiles = devicePrintDao.getProfiles(amIdentity);
      
                      String uuid = UUID.randomUUID().toString();
      
                      while (profiles.size() >= maxProfilesAllowed) {
                          DEBUG.message("Removing oldest user profile due to maximum profiles stored quantity");
                          removeOldestProfile(profiles);
                      }
      
                      long lastSelectedDate = System.currentTimeMillis();
                      Map<String, Object> profile = new HashMap<String, Object>();
                      profile.put("uuid", uuid);
                      profile.put("name", (name == null || name.isEmpty()) ? generateProfileName(new Date(lastSelectedDate)) : name);
                      profile.put("selectionCounter", 1);
                      profile.put("lastSelectedDate", lastSelectedDate);
                      profile.put("devicePrint", devicePrint);
      
                      profiles.add(profile);
      
                      devicePrintDao.saveProfiles(amIdentity, profiles);
      
                  } catch (Exception e) {
                      DEBUG.error("Cannot get User's Device Print Profiles attribute. " + e);
                  }
              }
      

      hence the PersistModuleProcessor returns success

      PeristModuleProcessor.process(..)
      ...
                      profilePersister.saveDevicePrint(name, devicePrintProfile);
      
                      return ISAuthConstants.LOGIN_SUCCEED;
      ...
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sfraser Sam Fraser
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: