Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11615

Restricted tokens fail with "WARNING: PolicyRequestHandler: Invalid user sso token"

    Details

    • Sprint:
      AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46, AM Sustaining Sprint 47, AM Sustaining Sprint 48, AM Sustaining Sprint 49
    • Story Points:
      5
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      Enabling CDSSO cookie hijacking protection causes the J2EE Agent to respond 403

      How to reproduce the issue

      Install AM 5.1.0 with embedded configuration.
      Setup and 3.5.1 J2EE Agent in / realm with appropriate policies.
      Enabled CDSSO and follow https://backstage.forgerock.com/docs/am/5.1/authentication-guide/#enable-cdsso-cookie-hijacking-protection

      Expected behaviour

      Agent allows access after login.

      Current behaviour

      403 access denied

      Code analysis

      Didn't hit this error when testing on pre-release 5.0 snapshot. Could this be related to use of 13.5.0-1 client SDK in the final release?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: