-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 14.1.1
-
Component/s: authentication
-
Labels:
Upgrade a working WindowSSO module from AM 5.1.0 to AM 5.1.1 ( or OpenAM 14.1.1 ),
http://openam.example.com:8080/openam/UI/Login?realm=demo&module=Windows
the authentication module will fail with the following exception
amAuth:08/24/2017 05:53:35:143 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[0f0c34dc-e29b-4cd4-bff9-6a1e1032bde0-232] Exception javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException: 7 <========= at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.initWindowsDesktopSSOAuth(WindowsDesktopSSO.java:591) at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.process(WindowsDesktopSSO.java:158) at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1083) at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1274) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:219) at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:127) at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:559) at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:586) at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.submitRequirements(AuthContextLocalWrapper.java:107) at org.forgerock.openam.core.rest.authn.core.LoginProcess.next(LoginProcess.java:167) at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.processAuthentication(RestAuthenticationHandler.java:260) at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:165) at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:96) at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:159) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
The above "ArrayIndexOutOfBoundsException" error will not be shown if an authenticating chain is used but there is a similar error as below
( Search for WindowsDesktopSSO params )
WindowsDesktopSSO params: <======= principal: HTTP/openam.example.com@EXAMPLE.COM keytab file: /home/forgerock/openam11-13-windowSSO/server.keytab realm : EXAMPLE.COM kdc server: northface.example.com domain principal: false Lookup user in realm:false Accepted Kerberos realms: [] amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] Init WindowsDesktopSSO. This should not happen often. amAuthWindowsDesktopSSO:08/26/2017 02:33:29:268 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] New Service Login ... amAuthWindowsDesktopSSO:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] Service login succeeded. amLoginModule:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] SETTING Failure Module name.... :Windows <============== amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] Module name is .. Windows amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] failureModuleSet is : [Windows] <============ amAuth:08/26/2017 02:33:29:278 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] getUserDN: null amJAAS:08/26/2017 02:33:29:279 PM SGT: Thread[http-nio-8080-exec-8,5,main]: TransactionId[43345244-65f4-4acd-a125-f663656b7642-2223] Method login LoginModuleControlFlag: sufficient failure. <================
- is caused by
-
OPENAM-5152 AMAuthLevelManager miscalculates auth level
-
- Resolved
-
-
OPENAM-5153 Auth modules should call setAuthLevel after successful login
-
- Resolved
-