Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12080

OAuth2 Stateless Session Signing Key lost during upgrade

    Details

    • Sprint:
      Sprint 2017.15 Curie, Sprint 2017.16 Newton
    • Needs backport:
      Yes
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      OAuth2 Provider service's "Token Signing HMAC Shared Secret" is lost during the upgrade from OpenAM 13.5.0 to AM 6.0.0. I would assume that this affects others upgrade paths between.

      How to reproduce the issue

      1. Install OpenAM 13.5.0
      2. Configure OAuth2 Provider Service and enable stateless OAuth2 tokens
      3. Configure OAuth2 client
      4. Obtain an access token and keep a reference to the returned JWT
      5. Upgrade to AM 6.0.0
      6. Call the /tokeninfo endpoint for the access token created prior to the upgrade
      Expected behaviour
      Token info should be returned as JSON 
      
      Current behaviour
      Internal Server Error
      

      Work around

      Manually re-entering the value for OAuth2 Provider service's "Token Signing HMAC Shared Secret" fixes the configuration.

       

        Attachments

          Activity

            People

            • Assignee:
              dipu.seminlal Dipu Seminlal
              Reporter:
              craig.mcdonnell Craig McDonnell
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: