OpenAM / OPENAM-11280

authentication with noSession=true fails if post authentication plugin class is present

    Details

    • Sprint:
      AM Sustaining Sprint 39
    • Story Points:
      2

      Description

      Problem summary

      A request for an access token fails if a post authentication plugin class is present in the chain.

      Note: This issue affects 14.0 and 14.1 (AM 5 and 5.1).  It is not a problem in 13.5.

       

      To reproduce

      1) Add a post authentication plugin to the realm's authentication settings
      2) Send an authentication request

      curl -v -d '' -H "X-OpenAM-Username: demo" -H "X-OpenAM-Password: changeit" "http://openam.example.com:18080/opensso/json/authenticate?authIndexType=module&authIndexValue=LDAP&noSession=true"
      

      3) Observe the 500 response

      < HTTP/1.1 500 Internal Server Error
      < Server: Apache-Coyote/1.1
      < X-Frame-Options: SAMEORIGIN
      < Set-Cookie: amlbcookie=01; Domain=openam.example.com; Path=/
      < Content-API-Version: resource=2.1
      < Transfer-Encoding: chunked
      < Date: Mon, 19 Jun 2017 04:47:40 GMT
      < Connection: close
      

      OR

      1). Set up AM 5.1 or 5.0 and configure OAuth2 in the usual way.

      2). Request an access token successfully, for example:

      curl -X POST --user "test:Welcome1" --data "grant_type=password&username=demo&password=Welcome1&scope=mail" http://openam.example.com:8080/openam/oauth2/access_token

      3). Add a post-authentication processing class to the default ldapService chain, for example, use the persistent cookie class:

      org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookieAuthModulePostAuthenticationPlugin

      4). Request the access token again and the following is now seen:

      {"error_description":"Internal Server Error","error":"server_error"

      ...with an NPE in the OAuth2Provider debug log:

      Caused by: java.lang.NullPointerException
      at com.sun.identity.authentication.service.LoginState.setPostLoginInstancesProperty(LoginState.java:4973)
      at com.sun.identity.authentication.service.LoginState.postProcess(LoginState.java:4809)
      at com.sun.identity.authentication.service.AMLoginContext.postProcessOnSuccess(AMLoginContext.java:1881)
      at com.sun.identity.authentication.service.AMLoginContext.getStatus(AMLoginContext.java:1038)
      at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:588)
      at com.sun.identity.authentication.AuthContext.submitRequirements(AuthContext.java:1234)
      at com.sun.identity.authentication.AuthContext.submitRequirements(AuthContext.java:1220)
      at org.forgerock.oauth2.core.ResourceOwnerAuthenticator.authenticate(ResourceOwnerAuthenticator.java:125)
      at org.forgerock.oauth2.core.ResourceOwnerAuthenticator.authenticate(ResourceOwnerAuthenticator.java:84)
      at org.forgerock.oauth2.core.PasswordCredentialsGrantTypeHandler.handle(PasswordCredentialsGrantTypeHandler.java:80)
      at org.forgerock.oauth2.core.GrantTypeHandler.handle(GrantTypeHandler.java:75)
      at org.forgerock.oauth2.core.AccessTokenService.requestAccessToken(AccessTokenService.java:114)
      at org.forgerock.oauth2.restlet.TokenEndpointResource.token(TokenEndpointResource.java:79)
      at sun.reflect.GeneratedMethodAccessor176.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)

       

      Expected behaviour

      The request for an access token should complete successfully in this scenario, as it does in 13.5.

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                andy.itter Andy Itter