Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11526

Realm Authentication chain post authentication classes PAP not triggered on chains with multiple modules


    • Support Ticket IDs:
    • Needs QA verification:
    • Functional tests:
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description


      Bug description

      With the fix in OPENAM-9979, when default PAP in the realm is set and we have a service chain, the change always looks for this service chain PAP. If this is empty it will not use the realm PAP. So nothing get trigger.

      How to reproduce the issue

      1. Install a PAP to the realm
      2. Create a service chain say { WSSO (SUFFICIENT) , DataStore (REQUISITE)
      3. Set the default Org chain to the above test chain
      4. Access the authentiction normally (w/o service or module parameters)

      Expected behaviour
      PAP gets trigger
      Current behaviour
      PAP does not get trigger

      On 13.5.0 this works. The 14.0.0 and 14.1.0 is not affect by this
      since OPENAM-9979 is not there. However may need to make sure later
      14.x.x does not have this issue.

      Work around

      Define an extra PAP at the Service chain

      Code analysis

      Code in 13.5.0 did a else if in setPostLoginInstances(...) for the
      indexType==null case. But in 13.5.1 this is split into two statatement.
      However the issue is that what happens
      if the postLoginClassSet=getServicePostLoginClassSet(orgAuthConfig) is itself
      empty and hence not taking any organization defaults.

      The code should use the orgPostLoginClassSet in that case.




            • Assignee:
              chee-weng.chea C-Weng C
              chee-weng.chea C-Weng C
            • Votes:
              1 Vote for this issue
              4 Start watching this issue


              • Created: