Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12252

Delegated admin with Stateless Session, causes Admin Console failure.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 13.5.1, 5.5.1
    • Fix Version/s: 13.5.2, 6.0.0, 14.1.2, 5.5.2
    • Component/s: console
    • Labels:
    • Environment:
      Happens even on one site.
    • Sprint:
      AM Sustaining Sprint 47, AM Sustaining Sprint 48
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      On 13.5.x
      When using delegated Admin and using Stateless Session, the old JATO Admin UI is prone to having issues when the is stale "jato.pageSession" in it URL. When the content here is stale or invalid any navigation to links that Tab will cause "AMUncaughtException" on the console and the following seen.

      ERROR: ConsoleServletBase.onUncaughtException
      java.lang.NullPointerException
              at com.sun.identity.console.agentconfig.AgentsViewBean.createTabModel(AgentsViewBean.java:216)
              at com.sun.identity.console.agentconfig.AgentsViewBean.handleRealmNameInTabSwitch(AgentsViewBean.java:268)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:112)
              at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
              at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
              at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      

      How to reproduce the issue

      1) Create delegated admin
      2) Set stateless session on root realm
      3) Login as delegate admin
      4) Navigate to Subjects (to get the legacy JATO screen)
      5) Press Subjects/DataStore tab until the following URL
      has "&jato.pageSession=...." in the URL bar
      6) Clone the above URL (new Tab)
      7) On the old tab, Log out and login again
      8) Now for the Clone tab with the "pageSession" press
      Subject/Script tab and see the failure "AMUncaughtException"
      9) Goto the URL and remove the above "jato.pageSession"
      and the UI will recover

      Other related to stateless issue.

      On 5.5.1 (you may see one more issue)

      • Create a long realm-name, on this realm click on Subjects. But similar in rootcause
      Root cause = [java.lang.IllegalStateException: Failed to set up session invalidation listener]
              at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
              at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
              at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase
      .java:152)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMP
      rimaryMastHeadViewBean.java:113)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.nodeClicked(AMPrimaryMastHeadViewBean.java:301)
      
      Expected behaviour
      Should not have issues since the stateless session cookie should be around and Console access should work.
      
      Current behaviour
      Failure to recover as navigation to console like "Subject" tab fails 
      

      Work around

      May need to restart the OpenAM console URL again.

      Code analysis

      Somehow the jato.pageSession parameter may cause issues.

        Attachments

        1. testcase.jsp
          2 kB
        2. testcase2.jsp
          4 kB
        3. testcase3.jsp
          1 kB

          Activity

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: