  1. OpenAM
  2. OPENAM-11988

HTTP 500 when validating SSO tokens if API version is omitted in AM 5.5

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 14.5.0
    • Fix Version/s: 14.5.1, 6.0.0
    • Component/s: session
    • Labels:
      None
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      In AM 5.5 SSO token validation no longer functions and returns an HTTP 500 Internal Server Error.

       

      The following getSessionInfo calls work fine in AM 5.1.1/5.1/5.0 but no longer function in AM 5.5.

       

      user_token=`curl -X POST -H "X-OpenAM-Username: demo" -H "X-OpenAM-Password: changeit" -H "Content-Type: application/json" -d '' http://openam.test.com:8080/openam/json/realms/root/authenticate | jq -r .tokenId`
      admin_token=`curl -X POST -H "X-OpenAM-Username: amadmin" -H "X-OpenAM-Password: password" -H "Content-Type: application/json" -d '' http://openam.test.com:8080/openam/json/realms/root/authenticate | jq -r .tokenId`
      curl --request POST --header "iplanetDirectoryPro: $admin_token" "http://openam.test.com:8080/openam/json/realms/root/sessions/?_action=getSessionInfo&tokenId=$user_token" -v | jq .
      curl --request POST --header "iplanetDirectoryPro: $user_token" "http://openam.test.com:8080/openam/json/realms/root/sessions/?_action=getSessionInfo" -v

       

      Result in AM 5.5:

      Trying 172.16.90.150...
      * Connected to openam.test.com (172.16.90.150) port 8190 (#0)
      > POST /openam/json/realms/root/sessions/?_action=getSessionInfo&tokenId=aDJ76PTheHFzzDKjorCiEc56u8o.*AAJTSQACMDEAAlNLABx4TUtWV2tCQ2c1dEhtcFZHVWRHeHFZMU9NYVE9AAJTMQAA* HTTP/1.1
      > User-Agent: curl/7.35.0
      > Host: openam.test.com:8190
      > Accept: */*
      > Accept-API-Version : resource=2.0, protocol=1.0
      > iplanetDirectoryPro: eACXxcwFr4BrExeTPu-eBoqCbng.*AAJTSQACMDEAAlNLABx0bmdyMXdKazJDckpCazUxUm1DWWRXTGlOSEU9AAJTMQAA*
      >
      < HTTP/1.1 500 Internal Server Error

       

      Furthermore the API Explorer also returns an Internal Server Error, as does a request where tokenId is included in the POST body.

      Note if API version 2.0 is specified the call functions as expected:

       

      curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Accept-API-Version: resource=2.0' 'http://openam.test.com:8080/openam/json/sessions?tokenId=3H5xP25IBdR4JFXeu9draa8bkyI.AAJTSQACMDEAAlNLABxsT3dyL0MwbjZWcGtqNnE0a2dVcFVmRncyWGc9AAJTMQAA&_action=getSessionInfo'

      Result:

      "properties": {},
       "maxSessionExpirationTime": "2017-10-24T09:27:41Z",
       "maxIdleExpirationTime": "2017-10-24T08:23:14Z",
       "latestAccessTime": "2017-10-24T07:53:14Z",
       "realm": "/",
       "universalId": "id=demo,ou=user,dc=openam,dc=forgerock,dc=org",
       "username": "demo"
      }
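
An added example (not part of the original report and not the project's own code): a client that always sends `Accept-API-Version: resource=2.0`, the version the report shows working, and treats the HTTP 500 or any other unexpected response as "session not validated". The function names, the fail-closed policy and the field check are assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API_VERSION = "resource=2.0"  # version the report shows working


def build_request(base_url, token_id):
    """getSessionInfo POST with the API version pinned explicitly."""
    query = urllib.parse.urlencode({"tokenId": token_id, "_action": "getSessionInfo"})
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/json/sessions?{query}",
        data=b"",
        method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Accept-API-Version": API_VERSION},
    )


def interpret(status, body):
    """Return the session info dict only for a 200 carrying the expected fields."""
    if status != 200:
        return None  # the 500 from this report, or any other error: not validated
    try:
        info = json.loads(body)
    except ValueError:
        return None
    if not isinstance(info, dict):
        return None
    # Field names taken from the successful result shown in the report.
    if not info.get("username") or not info.get("universalId"):
        return None
    return info


def validate_session(base_url, token_id, timeout=5):
    """Send the request; every failure path returns None (assumed fail-closed policy)."""
    req = build_request(base_url, token_id)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read())
    except OSError:
        return None
```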

              People

              • Assignee: Unassigned
              • Reporter: shokard Darinder Shokar
              • Votes: 2
              • Watchers: 14
