Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11610

WindowSSO module broken in AM 5.1.1 after upgrade

    Details

    • Sprint:
      AM Sustaining Sprint 42
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Upgrade a working WindowSSO module from AM 5.1.0 to AM 5.1.1 ( or OpenAM 14.1.1 ),

      http://openam.example.com:8080/openam/UI/Login?realm=demo&module=Windows

      the authentication module will fail with the following exception

      amAuth:08/24/2017 05:53:35:143 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[0f0c34dc-e29b-4cd4-bff9-6a1e1032bde0-232]
       Exception
       javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException: 7   <=========
       at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.initWindowsDesktopSSOAuth(WindowsDesktopSSO.java:591)
       at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.process(WindowsDesktopSSO.java:158)
       at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1083)
       at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1274)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:606)
       at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:219)
       at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:127)
       at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:559)
       at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:586)
       at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.submitRequirements(AuthContextLocalWrapper.java:107)
       at org.forgerock.openam.core.rest.authn.core.LoginProcess.next(LoginProcess.java:167)
       at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.processAuthentication(RestAuthenticationHandler.java:260)
       at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:165)
       at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:96)
       at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:159)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      The above "ArrayIndexOutOfBoundsException" error will not be shown if an authenticating chain is used but there is a similar error as below

      ( Search for WindowsDesktopSSO params )

      WindowsDesktopSSO params:   <=======
      principal: HTTP/openam.example.com@EXAMPLE.COM
      keytab file: /home/forgerock/openam11-13-windowSSO/server.keytab
      realm : EXAMPLE.COM
      kdc server: northface.example.com
      domain principal: false
      Lookup user in realm:false
      Accepted Kerberos realms: []
      amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      Init WindowsDesktopSSO. This should not happen often.
      amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      New Service Login ...
      amAuthWindowsDesktopSSO:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      Service login succeeded.
      amLoginModule:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      SETTING Failure Module name.... :Windows   <==============
      amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      Module name is .. Windows
      amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      failureModuleSet is : [Windows]     <============
      amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      getUserDN: null
      amJAAS:08/26/2017 02:33:29:279 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223]
      Method login LoginModuleControlFlag: sufficient failure.  <================

       

       

       

       

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sam.phua Sam Phua
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: