  1. OpenAM
  2. OPENAM-11789

User remains on 'Loading' page with 'OAuth2.0/OIDC' auth module if authId token expires before entering credentials

    Details

    • Sprint:
      AM Sustaining Sprint 43
    • Story Points:
      5
    • Needs backport:
      Yes
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      A user remains stuck on an XUI 'Loading' page when using the 'OAuth2.0/OIDC' auth module if the authId token is allowed to expire before they submit their credentials on a remote IDP which then redirects back to AM.

      How to reproduce the issue (Google can be used to test)

      1. Go to https://console.developers.google.com
      2. Create a project and set the redirect uri to be http://am.fqdn:port/am/oauth2c/OAuthProxy.jsp
      3. Find the project's client ID and client secret
      4. In AM create an OAuth 2/OIDC authentication module using information from step 3.
      5. Create a user in OpenAM with the same email as the user you are logging in to Google with.

      To test:

      1. Request http://am.example.com:port/am/XUI/&module=oauth2#login (or simply set the module to be the default for the organisation).  The redirect to Google will take place as expected.
      2. Allow the authId token to expire and then enter the user credentials.
      3. The user is redirected back to AM as expected but remains on a 'Loading' page rather than the profile being displayed as would be expected in this particular test.

      Expected behaviour

      In this particular test the user profile should be displayed.

      Current behaviour

      Currently after the redirect back to AM the user remains on a page in the XUI with 'Loading' in the top left corner.

      Workarounds

      1. Consider adjusting the timeout in /<openam_webapp>/config/auth/default_xx/OAuth.xml and also the 'Invalidate Session Max Time' setting, although the behaviour would remain if this increased value was exceeded.

      Reference: https://backstage.forgerock.com/knowledge/kb/article/a23597700

      2. Clear the cookies in the browser and try again.

              People

              • Assignee:
                Adam Heath (adam.heath)
              • Reporter:
                Andy Itter (andy.itter)