Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11610

WindowSSO module broken in AM 5.1.1 after upgrade

    Details

    • Sprint:
      AM Sustaining Sprint 42
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Upgrade a working WindowSSO module from AM 5.1.0 to AM 5.1.1 ( or OpenAM 14.1.1 ),

      http://openam.example.com:8080/openam/UI/Login?realm=demo&module=Windows

      the authentication module will fail with the following exception

      amAuth:08/24/2017 05:53:35:143 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[0f0c34dc-e29b-4cd4-bff9-6a1e1032bde0-232]
 Exception
 javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException: 7   <=========
 at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.initWindowsDesktopSSOAuth(WindowsDesktopSSO.java:591)
 at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.process(WindowsDesktopSSO.java:158)
 at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1083)
 at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1274)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:219)
 at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:127)
 at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:559)
 at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:586)
 at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.submitRequirements(AuthContextLocalWrapper.java:107)
 at org.forgerock.openam.core.rest.authn.core.LoginProcess.next(LoginProcess.java:167)
 at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.processAuthentication(RestAuthenticationHandler.java:260)
 at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:165)
 at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:96)
 at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:159)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      The above "ArrayIndexOutOfBoundsException" error will not be shown if an authenticating chain is used but there is a similar error as below

      ( Search for WindowsDesktopSSO params )

      WindowsDesktopSSO params:   <=======
principal: HTTP/openam.example.com@EXAMPLE.COM
keytab file: /home/forgerock/openam11-13-windowSSO/server.keytab
realm : EXAMPLE.COM
kdc server: northface.example.com
domain principal: false
Lookup user in realm:false
Accepted Kerberos realms: []
amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
Init WindowsDesktopSSO. This should not happen often.
amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
New Service Login ...
amAuthWindowsDesktopSSO:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
Service login succeeded.
amLoginModule:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
SETTING Failure Module name.... :Windows   <==============
amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
Module name is .. Windows
amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
failureModuleSet is : [Windows]     <============
amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
getUserDN: null
amJAAS:08/26/2017 02:33:29:279 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
Method login LoginModuleControlFlag: sufficient failure.  <================

       

       

       

       

       

       

        Attachments

          Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5152 AMAuthLevelManager miscalculates auth level

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5153 Auth modules should call setAuthLevel after successful login

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sam.phua Sam Phua
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: