  1. OpenAM
  2. OPENAM-11108

OpenAM SPAdapter.preSingleSignOnRequest(…) Request NOT Invoked

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 13.5.0
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:
    • Environment:
      Windows Server 2012 R2
    • Sprint:
      AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Overview:

      With the following setup with an IDP Proxy:
      2 IDPs -> IDP Proxy -> SP -> Policy Agents

      The following SP Adapter method configured in the SP does not fire when using SAMLv2 integrated auth module and IDP Proxy.

      /**
       * Invokes before OpenAM sends the Single-Sign-On request to IDP.
       * ...
       * @param authnRequest the authentication request to be send to IDP
       * @exception SAML2Exception if user want to fail the process.
       */
      public void preSingleSignOnRequest(…)

      Details:

      We have SAMLv2 Adapter classes plugged in at:

      • IDP Proxy on "IDP" side called EAMSAML2IDXIDPAdapter
      • IDP Proxy on "SP" side called EAMSAML2IDXSPAdapter
      • SP called EAMSAML2SPAdapter

      With the above adapters we are experiencing the following flow:

      [*]EAMSAML2IDXIDPAdapter.constructor...
      [*]EAMSAML2IDXIDPAdapter.initialize: ...
      [*]EAMSAML2IDXIDPAdapter.preSingleSignOn: ...

      [*]EAMSAML2IDXSPAdapter.constructor...
      [*]EAMSAML2IDXSPAdapter.initialize: initialized!!!
      [*]EAMSAML2IDXSPAdapter.preSingleSignOnRequest: ...
      < IDP Authentication >
      [*]EAMSAML2IDXSPAdapter.preSingleSignOnProcess: ...
      [*]EAMSAML2IDXSPAdapter.postSingleSignOnSuccess: ...

      [*]EAMSAML2IDXIDPAdapter.preSendResponse: ...
      [*]EAMSAML2IDXIDPAdapter.preSignResponse: ...

      [*]EAMSAML2SPAdapter.constructor...
      [*]EAMSAML2SPAdapter.initialize: initialized!!!
      [*]EAMSAML2SPAdapter.preSingleSignOnProcess: ...

      However, the expected flow is as follows:

      [*]EAMSAML2SPAdapter.constructor... <== EXPECTED FIRST AT SP!!!!!
      [*]EAMSAML2SPAdapter.initialize: initialized!!! <== EXPECTED FIRST AT SP!!!!!
      [*]EAMSAML2SPAdapter.preSingleSignOnRequest: ... <== EXPECTED FIRST AT SP!!!!!

      [*]EAMSAML2IDXIDPAdapter.constructor...
      [*]EAMSAML2IDXIDPAdapter.initialize: ...
      [*]EAMSAML2IDXIDPAdapter.preSingleSignOn: ...

      [*]EAMSAML2IDXSPAdapter.constructor...
      [*]EAMSAML2IDXSPAdapter.initialize: initialized!!!
      [*]EAMSAML2IDXSPAdapter.preSingleSignOnRequest: ...
      < IDP Authentication >
      [*]EAMSAML2IDXSPAdapter.preSingleSignOnProcess: ...
      [*]EAMSAML2IDXSPAdapter.postSingleSignOnSuccess: ...

      [*]EAMSAML2IDXIDPAdapter.preSendResponse: ...
      [*]EAMSAML2IDXIDPAdapter.preSignResponse: ...

      [*]EAMSAML2SPAdapter.preSingleSignOnProcess: ...
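
The ordering problem reported above can be checked mechanically over an adapter trace. The following is an added example, not part of the original report or of OpenAM: it assumes trace lines in the `[*]Adapter.hook` form shown in the description, and the function name `skipped_request_hook` is hypothetical.

```python
import re

# Matches the adapter trace lines shown in the report, e.g.
# "[*]EAMSAML2SPAdapter.preSingleSignOnProcess: ..."
TRACE_RE = re.compile(r"^\s*\[\*\](?P<adapter>\w+)\.(?P<hook>\w+)")

def skipped_request_hook(trace):
    """Return adapters whose preSingleSignOnProcess ran with no earlier
    preSingleSignOnRequest in the same trace, in order of first occurrence."""
    seen_request = set()
    flagged = []
    for line in trace.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue  # blank lines, "< IDP Authentication >", other noise
        adapter, hook = m["adapter"], m["hook"]
        if hook == "preSingleSignOnRequest":
            seen_request.add(adapter)
        elif hook == "preSingleSignOnProcess" and adapter not in seen_request:
            if adapter not in flagged:
                flagged.append(adapter)
    return flagged

# Observed flow, copied from the report's description.
OBSERVED = """\
[*]EAMSAML2IDXIDPAdapter.constructor...
[*]EAMSAML2IDXIDPAdapter.initialize: ...
[*]EAMSAML2IDXIDPAdapter.preSingleSignOn: ...
[*]EAMSAML2IDXSPAdapter.constructor...
[*]EAMSAML2IDXSPAdapter.initialize: initialized!!!
[*]EAMSAML2IDXSPAdapter.preSingleSignOnRequest: ...
< IDP Authentication >
[*]EAMSAML2IDXSPAdapter.preSingleSignOnProcess: ...
[*]EAMSAML2IDXSPAdapter.postSingleSignOnSuccess: ...
[*]EAMSAML2IDXIDPAdapter.preSendResponse: ...
[*]EAMSAML2IDXIDPAdapter.preSignResponse: ...
[*]EAMSAML2SPAdapter.constructor...
[*]EAMSAML2SPAdapter.initialize: initialized!!!
[*]EAMSAML2SPAdapter.preSingleSignOnProcess: ...
"""

# Constructed: the expected flow differs in that the SP adapter's request
# hook fires first, so that single line is prepended to the observed trace.
EXPECTED = "[*]EAMSAML2SPAdapter.preSingleSignOnRequest: ...\n" + OBSERVED

if __name__ == "__main__":
    print("observed:", skipped_request_hook(OBSERVED))
    print("expected:", skipped_request_hook(EXPECTED))
```

Any validation or rewriting of the AuthnRequest placed in the SP adapter's `preSingleSignOnRequest` is skipped for the adapters this check reports.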

              People

              • Assignee:
                sfraser Sam Fraser
                Reporter:
                nikolaosGAC Nikolaos Giannopoulos
              • Votes:
                0
                Watchers:
                7