Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12082

Outlook with WS-Fed uses cached credential after AD password change.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.1, 14.0.0, 14.1.1
    • Fix Version/s: 6.0.0, 14.1.2, 5.5.2
    • Component/s: WS Federation
    • Labels:
    • Sprint:
      AM Sustaining Sprint 45
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      Using an Outlook desktop application and if the AD password is changed. the Outlook application is still using a cached credential even after 30 mins.

      How to reproduce the issue

      1. AM as the WS-Fed with Actve requestor profile
      2. Open Outlook desktop
      3. Change AD password
      4. Wait 30 minutes
      5. Try access Outlook

      Alternative test: See attachment

      Expected behaviour
      Able to access mail with (or challenged with new authentication/credential window so that the new password can be set and 
      
      Current behaviour
      Unable to access email until cached credential is cleared.
      

      Work around

      -

      Code analysis

      org.forgerock.openam.saml2.plugins.DefaultWsFedAuthenticator throws ActiveRequestorException and return 500 for SOAPFault for authentication error.
      It seems Outlook/Skype client need 401 Unauthorized status code for the SOAP error to reprompt for credentials (otherwise it may send the old cache credentials)

        Attachments

          Activity

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: