Affects Version/s: 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0
Sprint: AM Sustaining Sprint 43
Support Ticket IDs:
A user remains stuck on an XUI 'Loading' page when using the 'OAuth2.0/OIDC' auth module if the authId token is allowed to expire before they submit their credentials on a remote IDP which then redirects back to AM.
1. Go to https://console.developers.google.com
2. Create a project and set the redirect URI to http://am.fqdn:port/am/oauth2c/OAuthProxy.jsp
3. Find the project's client ID and client secret
4. In AM create an OAuth 2/OIDC authentication module using information from step 3.
- client id and secret
- Authn endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
- Access token endpoint URL: https://www.googleapis.com/oauth2/v4/token
- User Profile service URL: https://www.googleapis.com/oauth2/v3/userinfo
- Scope: openid email profile
- Proxy URL: default - same as used for the redirect URL when creating the Google project, e.g. .../OAuthProxy.jsp
- Account mapper config: email=mail
- Attribute mapper config: email=mail
- OpenID connect validation config type: jwk_url
- OpenID Connect validation configuration value: https://www.googleapis.com/oauth2/v3/certs
- Token Issuer: https://accounts.google.com
5. Create a user in OpenAM with the same email as the user you are logging in to Google with.
- Request http://am.example.com:port/am/XUI/&module=oauth2#login (or simply set the module to be the default for the organisation). The redirect to Google will take place as expected.
- Allow the authId token to expire and then enter the user credentials.
- The user is redirected back to AM as expected but remains on a 'Loading' page rather than the profile being displayed as would be expected in this particular test.
In this particular test the user profile should be displayed.
Currently after the redirect back to AM the user remains on a page in the XUI with 'Loading' in the top left corner.
1. Consider adjusting the timeout in /<openam_webapp>/config/auth/default_xx/OAuth.xml and also the 'Invalidate Session Max Time' setting, although the behaviour would remain if the increased value was exceeded.
2. Clear the cookies in the browser and try again.