  1. OpenAM
  2. OPENAM-12174

XUI - Deleting a built-in authentication module will delete any other created by it


    • Sprint:
      AM Sustaining Sprint 54, AM Sustaining Sprint 55
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description


      Bug description

      When you have an authentication module twice in the list, e.g. default OATH and testOATH, and you delete the default OATH, testOATH will be deleted as well. If you query the REST API, the default OATH is still available.

      It relates to https://bugster.forgerock.org/jira/browse/OPENAM-11734 but it is a slightly different scenario. The main issue is that deleting a built-in authentication module automatically deletes any other created by this. If this is expected behaviour, we need to make it clear. If not, then perhaps we want to make the built-in modules non-deletable.

      How to reproduce the issue

      Create any new authentication module with the same default settings, e.g. for OATH:

      Then delete the built-in OATH module. You will see testOATH is gone too.

      Querying the REST API:


      will return the default built-in OATH module as expected from the global config, but not the testOATH:

        {
          "result": [
            {
              "_id": "oath",
              "_rev": "1161347444",
              "stepsInWindow": 2,
              "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider",
              "hotpWindowSize": 100,
              "passwordLength": "6",
              "forgerock-oath-maximum-clock-drift": 0,
              "authenticationLevel": 0,
              "secretKeyAttribute": "",
              "hotpCounterAttribute": "",
              "timeStepSize": 30,
              "minimumSecretKeyLength": "32",
              "lastLoginTimeAttribute": "",
              "forgerock-oath-observed-clock-drift-attribute-name": "",
              "oathAlgorithm": "HOTP",
              "addChecksum": "False",
              "truncationOffset": -1,
              "_type": {
                "_id": "oath",
                "name": "OATH",
                "collection": true
              }
            }
          ],
          "resultCount": 1,
          "pagedResultsCookie": null,
          "totalPagedResultsPolicy": "NONE",
          "totalPagedResults": -1,
          "remainingPagedResults": -1
        }

      Expected behaviour

      testOATH to remain available.

      Current behaviour

      All OATH modules are gone.

      Work around

      Do not remove the built-in modules even if not using them.


      Maybe we want to remove the option to delete the built-in modules as actually you can't "delete" them, they will always be in the code.
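
An added example (not part of the original report and not OpenAM code): a before/after check for the behaviour described above, usable as a regression test around any module delete. It assumes module listings shaped like the response quoted in this report; the function names and the two sample listings are constructed for illustration.

```python
import json


def module_ids(response):
    """Group instance ids by module type for a listing shaped like the
    response in this report ("result" entries with "_id" and "_type"."_id")."""
    by_type = {}
    for entry in response.get("result", []):
        mod_type = entry.get("_type", {}).get("_id", "unknown")
        by_type.setdefault(mod_type, set()).add(entry["_id"])
    return by_type


def audit_delete(before, after, deleted_id):
    """Compare listings taken before and after deleting `deleted_id`.

    Returns (collateral, still_listed):
      collateral   - sorted (type, id) pairs that vanished without being targeted
      still_listed - True if the targeted id is still returned afterwards,
                     as the built-in module is in this report
    """
    b, a = module_ids(before), module_ids(after)
    collateral = []
    for mod_type, ids in b.items():
        for gone in ids - a.get(mod_type, set()):
            if gone != deleted_id:
                collateral.append((mod_type, gone))
    still_listed = any(deleted_id in ids for ids in a.values())
    return sorted(collateral), still_listed


# Constructed sample listings (trimmed to the fields the check needs).
OATH_TYPE = {"_id": "oath", "name": "OATH", "collection": True}
BEFORE = json.loads(json.dumps({"result": [
    {"_id": "oath", "_type": OATH_TYPE},
    {"_id": "testOATH", "_type": OATH_TYPE},
], "resultCount": 2}))
AFTER = json.loads(json.dumps({"result": [
    {"_id": "oath", "_type": OATH_TYPE},
], "resultCount": 1}))

if __name__ == "__main__":
    collateral, still_listed = audit_delete(BEFORE, AFTER, "oath")
    for mod_type, mod_id in collateral:
        print(f"collateral deletion: {mod_id} (type {mod_type})")
    if still_listed:
        print("targeted module 'oath' is still returned after the delete")
```
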



              • Assignee:
                lawrence.yarham Lawrence Yarham
                anastasios.kampas Tasos Kampas