OpenAM issue OPENAM-11678

'Oldest' REST passwordreset selfservice unusable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 13.5.1, 14.0.0, 5.5.1
    • Fix Version/s: 13.5.3, 6.0.0, 5.5.2
    • Component/s: rest, self-service, upgrade
    • Labels:
    • Environment:
      Mac OS X - 10.11.6
      Java 1.8.0_111-b14
      Apache Tomcat/8.5.4
      OpenAM 13.5.0
    • Sprint:
      AM Sustaining Sprint 43, AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46
    • Story Points:
      5
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      "oldest" selfservice password reset is not usable

      How to reproduce the issue

      1. configure OpenAM 13.5.0 (or upgrade to OpenAM 13.5.0 from OpenAM 12)
      2. configure selfservice password reset, choose to send email
      3. configure Email service
      4. if not upgraded from 12.x, configure global REST API version to 'Oldest'
        (ssoadm set-attr-defs -u amadmin -f PATH_TO_PWDFILE -s RestApisService -t global -a openam-rest-apis-default-version=Oldest)
      5. perform a REST-based password reset for a valid user
        curl -X POST -H 'Content-Type: application/json' -H 'Accept-Language: en-US,de' --data '{"input":{"queryFilter":"uid eq \"demo\""}}' 'http://openam1350.test.xyz:8080/openam/json/selfservice/forgottenPassword?_action=submitRequirements'
      Expected behaviour
      Password reset email should be sent
      
      Current behaviour
      REST call fails with
      {"code":400,"reason":"Bad Request","message":"Unable to find account"}
      

      Excerpt from OpenAM debug logs

      CoreSystem debug log
      ...
      org.forgerock.selfservice.core.AnonymousProcessService:09/05/2017 02:19:37:250 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      Advancing stage userQuery
      frRest:09/05/2017 02:19:37:250 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      CrestLoggingFilter :: no token from context, logging user as 'null'
      frRest:09/05/2017 02:19:37:250 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      users :: QUERY attempted by [unknown]
      frRest:09/05/2017 02:19:38:241 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      IdentityResource.queryCollection :: QUERY performed on realm=/  by principalName=null
      org.forgerock.audit.AuditServiceImpl:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      Audit create called for access
      org.forgerock.audit.AuditServiceImpl:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      Audit create id 6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1376
      org.forgerock.audit.AuditServiceImpl:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      Cascading the event of topic access to the handlers : [org.forgerock.audit.handlers.csv.CsvAuditEventHandler@1efec9c7]
      org.forgerock.audit.handlers.csv.CsvFormatter:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      Formatted event: "6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1376","2017-09-05T12:19:38.242Z","AM-ACCESS-OUTCOME","6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374",,,"127.0.0.1","8080","127.0.0.1","61647","CREST","QUERY",,"false","POST","http://openam1350.test.xyz:8080/openam/json/selfservice/forgottenPassword","{""_action"":[""submitRequirements""]}","{""accept"":[""*/*""],""Accept-API-Version"":[""protocol=1.0""],""host"":[""openam1350.test.xyz:8080""],""user-agent"":[""curl/7.43.0""]}","{}",,"SUCCESSFUL",,,"5139","MILLISECONDS","Users","/"
      
      org.forgerock.audit.events.handlers.writers.RotatableWriter:09/05/2017 02:19:38:242 PM CEST: Thread[CsvHandler,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-81]
      Actually writing to file: "6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1376","2017-09-05T12:19:38.242Z","AM-ACCESS-OUTCOME","6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374",,,"127.0.0.1","8080","127.0.0.1","61647","CREST","QUERY",,"false","POST","http://openam1350.test.xyz:8080/openam/json/selfservice/forgottenPassword","{""_action"":[""submitRequirements""]}","{""accept"":[""*/*""],""Accept-API-Version"":[""protocol=1.0""],""host"":[""openam1350.test.xyz:8080""],""user-agent"":[""curl/7.43.0""]}","{}",,"SUCCESSFUL",,,"5139","MILLISECONDS","Users","/"
      
      org.forgerock.audit.events.handlers.writers.RotatableWriter:09/05/2017 02:19:38:242 PM CEST: Thread[CsvHandler,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-81]
      bytes written=2338541
      org.forgerock.selfservice.core.AnonymousProcessService:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      WARNING: Resource exception intercepted
      org.forgerock.json.resource.BadRequestException: Unable to find account
      	at org.forgerock.selfservice.stages.user.UserQueryStage.findUser(UserQueryStage.java:141)
      	at org.forgerock.selfservice.stages.user.UserQueryStage.advance(UserQueryStage.java:96)
      	at org.forgerock.selfservice.stages.user.UserQueryStage.advance(UserQueryStage.java:55)
      	at org.forgerock.selfservice.core.ProgressStageBinder$ProxyProgressStage.advance(ProgressStageBinder.java:92)
      	at org.forgerock.selfservice.core.ProgressStageBinding.advance(ProgressStageBinding.java:50)
      	at org.forgerock.selfservice.core.AnonymousProcessService.enactContext(AnonymousProcessService.java:210)
      	at org.forgerock.selfservice.core.AnonymousProcessService.progressProcess(AnonymousProcessService.java:206)
      	at org.forgerock.selfservice.core.AnonymousProcessService.handleAction(AnonymousProcessService.java:121)
      	at org.forgerock.openam.selfservice.SelfServiceRequestHandler.handleAction(SelfServiceRequestHandler.java:99)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:241)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
      	at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:89)
      	at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:60)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      	at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:74)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      	at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:137)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:207)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:241)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
      	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:207)
      	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:33)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:127)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:73)
      	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:185)
      	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:119)
      	at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:566)
      	at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:563)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:562)
      	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:505)
      	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:171)
      	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:77)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.openam.rest.CrestProtocolEnforcementFilter.filter(CrestProtocolEnforcementFilter.java:61)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:84)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:168)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152)
      	at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:485)
      	at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:567)
      	at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:555)
      	at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:477)
      	at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:468)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:146)
      	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.openam.http.HandlerProvider.handle(HandlerProvider.java:50)
      	at org.forgerock.openam.http.HttpRoute$3.handle(HttpRoute.java:142)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:60)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:225)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:113)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:56)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:745)
      ....
      

       

      IdRepo debug log
      amIdm:09/05/2017 02:19:33:104 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      IdUtils.getOrganization: orgIdentifier selfservice found in unknown org lookup cache.
      amIdm:09/05/2017 02:19:38:239 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      IdRepoPluginsCache.getIdRepoPlugins orgName: dc=openam,dc=forgerock,dc=org
      DJLDAPv3Repo:09/05/2017 02:19:38:239 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      getSupportedOperations invoked
      amIdm:09/05/2017 02:19:38:239 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      IdRepoPluginsCache.getIdRepoPlugins for OrgName: dc=openam,dc=forgerock,dc=org Op: Operation: read Type: IdType: user
      DJLDAPv3Repo:09/05/2017 02:19:38:239 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1374]
      search invoked with type: IdType: user crestQuery: [_queryId: *] avPairs: null maxTime: 0 maxResults: 0 returnAttrs: null returnAllAttrs: false filterOp: 1 recursive: false
      

      When 'Latest' REST API is configured then IdRepo debug log shows

      IdRepo debug log
      DJLDAPv3Repo:09/05/2017 02:37:25:684 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6c110cad-9c5b-42a8-946c-dcbd7aa2caa1-1870]
      search invoked with type: IdType: user crestQuery: [_queryFilter: /uid eq "demo"] avPairs: null maxTime: 0 maxResults: 0 returnAttrs: null returnAllAttrs: true filterOp: 1 recursive: false
      
      Work around

      if possible use 'Latest' REST API version
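
      Added example, not part of the original issue or of OpenAM's code: a log-triage script that groups debug-log entries by TransactionId and flags transactions where the user search ran with `_queryId: *` and then failed with "Unable to find account", the pattern in the 'Oldest' excerpts above. The function name and result labels are assumptions; the sample lines are shortened from the logs in this issue.

```python
import re
from collections import defaultdict

# Constructed sample: header/message pairs shortened from the excerpts in this issue.
TX = "6c110cad-9c5b-42a8-946c-dcbd7aa2caa1"
SAMPLE_LOG = f"""\
DJLDAPv3Repo:09/05/2017 02:19:38:239 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[{TX}-1374]
search invoked with type: IdType: user crestQuery: [_queryId: *] avPairs: null
org.forgerock.selfservice.core.AnonymousProcessService:09/05/2017 02:19:38:242 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[{TX}-1374]
WARNING: Resource exception intercepted
org.forgerock.json.resource.BadRequestException: Unable to find account
\tat org.forgerock.selfservice.stages.user.UserQueryStage.findUser(UserQueryStage.java:141)
DJLDAPv3Repo:09/05/2017 02:37:25:684 PM CEST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[{TX}-1870]
search invoked with type: IdType: user crestQuery: [_queryFilter: /uid eq "demo"] avPairs: null
"""

# A debug-log entry is a header line (logger, timestamp, thread, TransactionId)
# followed by one or more message lines.
HEADER = re.compile(r'^[\w.$]+:\d{2}/\d{2}/\d{4} .*TransactionId\[([^\]]+)\]\s*$')
CREST_QUERY = re.compile(r'search invoked with type: IdType: user crestQuery: \[([^\]]*)\]')
NOT_FOUND = "BadRequestException: Unable to find account"


def triage(lines):
    """Classify each transaction's user search (hypothetical helper, labels are ours)."""
    tx = None
    seen = defaultdict(lambda: {"queries": [], "not_found": False})
    for line in lines:
        header = HEADER.match(line)
        if header:
            tx = header.group(1)          # message lines that follow belong to this tx
            continue
        if tx is None:
            continue                      # message line with no preceding header
        query = CREST_QUERY.search(line)
        if query:
            seen[tx]["queries"].append(query.group(1))
        elif NOT_FOUND in line:
            seen[tx]["not_found"] = True
    report = {}
    for tx_id, info in seen.items():
        if not info["queries"]:
            continue                      # no identity search logged for this tx
        unfiltered = any(q.startswith("_queryId:") for q in info["queries"])
        if unfiltered and info["not_found"]:
            report[tx_id] = "filter-dropped"     # the failure described in this issue
        elif unfiltered:
            report[tx_id] = "unfiltered-search"  # search over all users, no error seen
        else:
            report[tx_id] = "filtered"           # the queryFilter reached the repo
    return report


if __name__ == "__main__":
    for tx_id, verdict in triage(SAMPLE_LOG.splitlines()).items():
        print(tx_id, verdict)
```

      The CoreSystem and IdRepo logs are separate files, so concatenate them before passing the lines in; correlation relies only on the TransactionId in each header.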

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                bthalmayr Bernhard Thalmayr