Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11391

Requesting 'OAuth2.0/OIDC' auth module a second time results in display of AM's "Authentication Failed" page

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 14.0.0, 14.1.0
    • Fix Version/s: 13.5.2, 14.5.0, 14.1.2
    • Component/s: oauth2, XUI
    • Labels:
    • Sprint:
      AM Sustaining Sprint 42
    • Story Points:
      3
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      Requesting the 'OAuth2.0/OIDC' auth module a second time directly after the first request results in the AM "Unable to Login" page being shown with the "Authentication Failed" pop-up message.

      How to reproduce the issue (Google can be used for this test)

      1. Go to https://console.developers.google.com
      2. Create a project and set the redirect uri to be http://am.fqdn:port/oauth2c/OAuthProxy.jsp
      3. Find the project's client ID and client secret
      4. In AM create an OAuth 2/OIDC authentication module using information from step 3.

      To test:

      1. Request http://am.example.com:port/am/XUI/#login/&module=oauth2 (or simply set the module to be the default for the organisation)

      The redirect to Google will take place as expected.

      2. Request http://am.example.com:port/am/XUI/#login/&module=oauth2 for a second time - the AM 'Unable to Login' page will be displayed and the user will not be sent to Google.

      Expected behaviour

      The user should be sent back to Google as occurs in the first request.

      Current behaviour

      The user is shown the AM "Unable to Login" page with the "Authentication Failed" pop-up message.

      This is an undesirable user experience.

      Work around

      Send the request a third time.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                adam.heath Adam Heath
                Reporter:
                andy.itter Andy Itter
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: