Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12080

OAuth2 Stateless Session Signing Key lost during upgrade

    XMLWordPrintable

    Details

    • Sprint 2017.15 Curie, Sprint 2017.16 Newton
    • Yes
    • Yes
    • No
    • Yes and I used the same an in the description

      Description

      Bug description

      OAuth2 Provider service's "Token Signing HMAC Shared Secret" is lost during the upgrade from OpenAM 13.5.0 to AM 6.0.0. I would assume that this affects others upgrade paths between.

      How to reproduce the issue

      1. Install OpenAM 13.5.0
      2. Configure OAuth2 Provider Service and enable stateless OAuth2 tokens
      3. Configure OAuth2 client
      4. Obtain an access token and keep a reference to the returned JWT
      5. Upgrade to AM 6.0.0
      6. Call the /tokeninfo endpoint for the access token created prior to the upgrade
      Expected behaviour
      Token info should be returned as JSON 
      
      Current behaviour
      Internal Server Error
      

      Work around

      Manually re-entering the value for OAuth2 Provider service's "Token Signing HMAC Shared Secret" fixes the configuration.

       

        Attachments

          Activity

            People

            dipu.seminlal Dipu Seminlal
            craig.mcdonnell Craig McDonnell
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: