[OPENAM-11615] Restricted tokens fail with "WARNING: PolicyRequestHandler: Invalid user sso token" - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 14.1.0
Fix Version/s: 14.1.1, 6.0.0, 5.5.2
Component/s: authentication, cdsso, j2ee agents
Labels:
- EDISON

Target Version/s:

14.1.1, 6.0.0, 5.5.2
Rank:
1|hzq2o7:

Sprint:
AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46, AM Sustaining Sprint 47, AM Sustaining Sprint 48, AM Sustaining Sprint 49
Story Points:
5
Needs backport:

No

Support Ticket IDs:

Needs QA verification:

Yes
Functional tests:

No
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Bug description

Enabling CDSSO cookie hijacking protection causes the J2EE Agent to respond 403

How to reproduce the issue

Install AM 5.1.0 with embedded configuration.
Setup and 3.5.1 J2EE Agent in / realm with appropriate policies.
Enabled CDSSO and follow https://backstage.forgerock.com/docs/am/5.1/authentication-guide/#enable-cdsso-cookie-hijacking-protection

Expected behaviour

Agent allows access after login.

Current behaviour

403 access denied

Code analysis

Didn't hit this error when testing on pre-release 5.0 snapshot. Could this be related to use of 13.5.0-1 client SDK in the final release?

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

threadStack.txt
10 kB
18/Jan/18 5:42 PM

Issue Links

relates to

OPENAM-15744 com.sun.identity.enableUniqueSSOTokenCookie=true results in infinite redirects

Resolved

AMAGENTS-859 Restricted Tokens

Closed

Activity

People

Assignee:

Sachiko Wallace

Reporter:

Andrew Dunn [X] (Inactive)

Votes:

0 Vote for this issue

Watchers:

10 Start watching this issue

Dates

Created:

24/Aug/17 5:28 PM

Updated:

09/Dec/19 11:18 PM

Resolved:

08/Mar/18 12:21 AM