Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12252

Delegated admin with Stateless Session, causes Admin Console failure.



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 13.5.0, 13.5.1, 5.5.1
    • 13.5.2, 6.0.0, 14.1.2, 5.5.2
    • console
    • Happens even on one site.
    • AM Sustaining Sprint 47, AM Sustaining Sprint 48
    • 3
    • No
    • Yes
    • No
    • Yes and I used the same an in the description


      Bug description

      On 13.5.x
      When using delegated Admin and using Stateless Session, the old JATO Admin UI is prone to having issues when the is stale "jato.pageSession" in it URL. When the content here is stale or invalid any navigation to links that Tab will cause "AMUncaughtException" on the console and the following seen.

      ERROR: ConsoleServletBase.onUncaughtException
              at com.sun.identity.console.agentconfig.AgentsViewBean.createTabModel(AgentsViewBean.java:216)
              at com.sun.identity.console.agentconfig.AgentsViewBean.handleRealmNameInTabSwitch(AgentsViewBean.java:268)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:112)
              at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
              at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
              at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

      How to reproduce the issue

      1) Create delegated admin
      2) Set stateless session on root realm
      3) Login as delegate admin
      4) Navigate to Subjects (to get the legacy JATO screen)
      5) Press Subjects/DataStore tab until the following URL
      has "&jato.pageSession=...." in the URL bar
      6) Clone the above URL (new Tab)
      7) On the old tab, Log out and login again
      8) Now for the Clone tab with the "pageSession" press
      Subject/Script tab and see the failure "AMUncaughtException"
      9) Goto the URL and remove the above "jato.pageSession"
      and the UI will recover

      Other related to stateless issue.

      On 5.5.1 (you may see one more issue)

      • Create a long realm-name, on this realm click on Subjects. But similar in rootcause
      Root cause = [java.lang.IllegalStateException: Failed to set up session invalidation listener]
              at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
              at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
              at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMP
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.nodeClicked(AMPrimaryMastHeadViewBean.java:301)
      Expected behaviour
      Should not have issues since the stateless session cookie should be around and Console access should work.
      Current behaviour
      Failure to recover as navigation to console like "Subject" tab fails 

      Work around

      May need to restart the OpenAM console URL again.

      Code analysis

      Somehow the jato.pageSession parameter may cause issues.


        1. testcase.jsp
          2 kB
        2. testcase2.jsp
          4 kB
        3. testcase3.jsp
          1 kB



            chee-weng.chea C-Weng C
            chee-weng.chea C-Weng C
            0 Vote for this issue
            5 Start watching this issue