  1. OpenAM
  2. OPENAM-11789

User remains on 'Loading' page with 'OAuth2.0/OIDC' auth module if authId token expires before entering credentials

    Details

    • AM Sustaining Sprint 43
    • 5
    • Yes
    • Yes
    • No
    • Yes and I used the same an in the description

      Description

      Bug description

      A user remains stuck on an XUI 'Loading' page when using the 'OAuth2.0/OIDC' auth module if the authId token is allowed to expire before they submit their credentials on a remote IdP, which then redirects back to AM.

      How to reproduce the issue (Google can be used to test)

      1. Go to https://console.developers.google.com
      2. Create a project and set the redirect URI to be http://am.fqdn:port/am/oauth2c/OAuthProxy.jsp
      3. Find the project's client ID and client secret
      4. In AM create an OAuth 2/OIDC authentication module using information from step 3.

      5. Create a user in OpenAM with the same email as the user you are logging in to Google with.

      To test:

      1. Request http://am.example.com:port/am/XUI/&module=oauth2#login (or simply set the module to be the default for the organisation). The redirect to Google will take place as expected.
      2. Allow the authId token to expire and then enter the user credentials.
      3. The user is redirected back to AM as expected but remains on a 'Loading' page rather than the profile being displayed as would be expected in this particular test.

      Expected behaviour

      In this particular test the user profile should be displayed.

      Current behaviour

      Currently after the redirect back to AM the user remains on a page in the XUI with 'Loading' in the top left corner.

      Workarounds

      1. Consider adjusting the timeout in /<openam_webapp>/config/auth/default_xx/OAuth.xml and also the 'Invalidate Session Max Time' setting, although the behaviour would remain if this increased value was exceeded.

      Reference: https://backstage.forgerock.com/knowledge/kb/article/a23597700

      2. Clear the cookies in the browser and try again.


              People

              adam.heath Adam Heath
              andy.itter Andy Itter
              Votes: 0
              Watchers: 5