OpenAM / OPENAM-11988

HTTP 500 when validating SSO tokens if API version is omitted in AM 5.5

    Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 14.5.0
    • 14.5.1, 6.0.0
    • session

      Description

      In AM 5.5, SSO token validation no longer functions and returns an HTTP 500 Internal Server Error.

       

      The following getSessionInfo calls work fine in AM 5.1.1/5.1/5.0 but no longer function in AM 5.5.

       

      user_token=`curl -X POST -H "X-OpenAM-Username: demo" -H "X-OpenAM-Password: changeit" -H "Content-Type: application/json" -d '' http://openam.test.com:8080/openam/json/realms/root/authenticate | jq -r .tokenId`
      admin_token=`curl -X POST -H "X-OpenAM-Username: amadmin" -H "X-OpenAM-Password: password" -H "Content-Type: application/json" -d '' http://openam.test.com:8080/openam/json/realms/root/authenticate | jq -r .tokenId`
      curl --request POST --header "iplanetDirectoryPro: $admin_token" "http://openam.test.com:8080/openam/json/realms/root/sessions/?_action=getSessionInfo&tokenId=$user_token" -v | jq .
      curl --request POST --header "iplanetDirectoryPro: $user_token" "http://openam.test.com:8080/openam/json/realms/root/sessions/?_action=getSessionInfo" -v

       

      Result in AM 5.5:

      Trying 172.16.90.150...
      * Connected to openam.test.com (172.16.90.150) port 8190 (#0)
      > POST /openam/json/realms/root/sessions/?_action=getSessionInfo&tokenId=aDJ76PTheHFzzDKjorCiEc56u8o.*AAJTSQACMDEAAlNLABx4TUtWV2tCQ2c1dEhtcFZHVWRHeHFZMU9NYVE9AAJTMQAA* HTTP/1.1
      > User-Agent: curl/7.35.0
      > Host: openam.test.com:8190
      > Accept: */*
      > Accept-API-Version : resource=2.0, protocol=1.0
      > iplanetDirectoryPro: eACXxcwFr4BrExeTPu-eBoqCbng.*AAJTSQACMDEAAlNLABx0bmdyMXdKazJDckpCazUxUm1DWWRXTGlOSEU9AAJTMQAA*
      >
      < HTTP/1.1 500 Internal Server Error

       

      Furthermore, the API Explorer also returns an Internal Server Error, as does a request where tokenId is included in the POST body.

      Note that if API version 2.0 is specified, the call functions as expected:

       

      curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Accept-API-Version: resource=2.0' 'http://openam.test.com:8080/openam/json/sessions?tokenId=3H5xP25IBdR4JFXeu9draa8bkyI.AAJTSQACMDEAAlNLABxsT3dyL0MwbjZWcGtqNnE0a2dVcFVmRncyWGc9AAJTMQAA&_action=getSessionInfo'

      Result:

      "properties": {},
       "maxSessionExpirationTime": "2017-10-24T09:27:41Z",
       "maxIdleExpirationTime": "2017-10-24T08:23:14Z",
       "latestAccessTime": "2017-10-24T07:53:14Z",
       "realm": "/",
       "universalId": "id=demo,ou=user,dc=openam,dc=forgerock,dc=org",
       "username": "demo"
      }
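
An added example, not part of the original report and not ForgeRock code: a client-side wrapper for the getSessionInfo call above that always sends `Accept-API-Version: resource=2.0` and treats any non-200 response, including the HTTP 500 described here, as an unvalidated session. The function names, the injectable `post` transport and the `fake_am55` stub (a constructed stand-in for the behaviour described in the report) are assumptions for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: base URL and realm path mirror the report's test host.
BASE = "http://openam.test.com:8080/openam/json/realms/root/sessions/"
PINNED_VERSION = "resource=2.0"  # the version the report shows working


def http_post(url, headers):
    """Default transport: POST with an empty body, return (status, text)."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode()


def get_session_info(token, post=http_post, base=BASE):
    """Return session info for `token`, or None if it cannot be confirmed.

    Fails closed: any non-200 status or an unparsable body means
    "not validated", never "valid".
    """
    url = base + "?" + urllib.parse.urlencode({"_action": "getSessionInfo"})
    headers = {
        "iplanetDirectoryPro": token,  # token travels in the header, not the URL
        "Content-Type": "application/json",
        "Accept-API-Version": PINNED_VERSION,  # never rely on the server default
    }
    status, body = post(url, headers)
    if status != 200:
        return None
    try:
        info = json.loads(body)
    except ValueError:
        return None
    return info if isinstance(info, dict) and "username" in info else None


def fake_am55(url, headers):
    """Constructed stand-in for AM 5.5 as described in the report."""
    if "resource=2.0" not in headers.get("Accept-API-Version", ""):
        return 500, '{"code": 500, "reason": "Internal Server Error"}'
    return 200, '{"username": "demo", "realm": "/"}'
```

Calling `get_session_info(token, post=fake_am55)` exercises the wrapper offline; omit `post` to send the request to a real deployment.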

              People

              Unassigned Unassigned
              shokard Darinder Shokar