OpenAM / OPENAM-12174

XUI - Deleting a built-in authentication module will delete any other created by it

    Details

    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 54, AM Sustaining Sprint 55
    • Story Points:
      5
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      When you have an authentication module twice in the list, e.g. default OATH and testOATH, and you delete the default OATH, testOATH will be deleted as well. If you query the REST API, the default OATH is still available.

      It relates to https://bugster.forgerock.org/jira/browse/OPENAM-11734 but it is a slightly different scenario. The main issue is that deleting a built-in authentication module automatically deletes any other created by this. If this is expected behaviour, we need to make it clear. If not, then perhaps we want to make the built-in modules non-deletable.

      How to reproduce the issue

      Create any new authentication module with the same default settings, e.g. for OATH:

      Then delete the built-in OATH module. You will see testOATH is gone too.

      Querying the REST API:

      ../realm-config/authentication/modules/oath?_queryFilter=true

      will return the default built-in OATH module as expected from the global config, but not the testOATH:

      {
        "result": [
          {
            "_id": "oath",
            "_rev": "1161347444",
            "stepsInWindow": 2,
            "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider",
            "hotpWindowSize": 100,
            "passwordLength": "6",
            "forgerock-oath-maximum-clock-drift": 0,
            "authenticationLevel": 0,
            "secretKeyAttribute": "",
            "hotpCounterAttribute": "",
            "timeStepSize": 30,
            "minimumSecretKeyLength": "32",
            "lastLoginTimeAttribute": "",
            "forgerock-oath-observed-clock-drift-attribute-name": "",
            "oathAlgorithm": "HOTP",
            "addChecksum": "False",
            "truncationOffset": -1,
            "_type": {
              "_id": "oath",
              "name": "OATH",
              "collection": true
            }
          }
        ],
        "resultCount": 1,
        "pagedResultsCookie": null,
        "totalPagedResultsPolicy": "NONE",
        "totalPagedResults": -1,
        "remainingPagedResults": -1
      }

      Expected behaviour

      testOATH to remain as available.
      
      Current behaviour
      All OATH modules are gone.
      

      Work around

      Do not remove the built-in modules even if not using them.

       

      Maybe we want to remove the option to delete the built-in modules as actually you can't "delete" them, they will always be in the code.
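
      A regression check for the behaviour described in this issue, added here as an example and not taken from the issue or from OpenAM's code: it compares the module listing captured before and after a delete and reports any instance that disappeared besides the one deleted. The function names, the `testOATH` `_id` and both sample responses are constructed assumptions, shaped like the `_queryFilter=true` response quoted above and trimmed to the fields used.

```python
import json

# Constructed sample responses (not captured from a server), trimmed to the
# fields used here. The "testOATH" _id is an assumption for illustration.
OATH_TYPE = {"_id": "oath", "name": "OATH", "collection": True}
BEFORE = json.dumps({"result": [
    {"_id": "oath", "_type": OATH_TYPE},
    {"_id": "testOATH", "_type": OATH_TYPE},
], "resultCount": 2})
AFTER = json.dumps({"result": [
    {"_id": "oath", "_type": OATH_TYPE},
], "resultCount": 1})


def module_instances(response_text):
    """Map instance _id -> module type _id from a module query response."""
    body = json.loads(response_text)
    results = body.get("result")
    if not isinstance(results, list):
        raise ValueError("response has no 'result' array")
    if body.get("resultCount", len(results)) != len(results):
        raise ValueError("resultCount does not match the number of results")
    return {m["_id"]: (m.get("_type") or {}).get("_id") for m in results}


def check_delete(before_text, after_text, deleted_id):
    """Compare listings taken before and after deleting one module instance."""
    before = module_instances(before_text)
    after = module_instances(after_text)
    if deleted_id not in before:
        raise ValueError(f"{deleted_id!r} was not present before the delete")
    # Anything other than the deleted instance that vanished is collateral.
    collateral = sorted(i for i in before if i != deleted_id and i not in after)
    return {
        "collateral_deletions": collateral,
        # Informational only: the issue notes the built-in module is still
        # returned from the global config after it is deleted.
        "deleted_still_listed": deleted_id in after,
        "ok": not collateral,
    }


if __name__ == "__main__":
    print(check_delete(BEFORE, AFTER, "oath"))
```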

       

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                anastasios.kampas Tasos Kampas