OPENAM-12306

oauth2/authorize missing redirect_uri parameter regression

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.5.2, 5.5.2
    • Fix Version/s: None
    • Component/s: oauth2
    • Labels:
    • Environment:
      CentOS7
      Java 1.8.0_131
      Apache Tomcat Version 8.5.15

      Description

      Bug description

      There is a regression between 13.5.2-M11 and 13.5.2-RC1 when the redirect_uri parameter is not defined in an oauth2/authorize request. We should see an invalid_request error, but instead there is a redirect to authentication. These tests are failing:

      • TestAuthorizationCodeGrant testInvalidRedirectUri_0Regd
      • TestAuthorizationCodeGrant testInvalidRedirectUri_2Regd
      • TestImplicitGrant testIncorrectRedirectUri_2Regd
      • TestOpenIdBasic testInvalidRedirectUri_2Regd
      • TestOpenIdImplicit OAM611

      How to reproduce the issue

      1. Top-level realm -> Common Tasks -> Configure OAuth Provider -> Configure OpenID Connect -> Create
      2. Top-level realm -> Agents -> OAuth 2.0/OpenID Connect Client -> New -> Name=OAuth2Client password=changeit -> Create
      3. curl -v "http://amqa-clone74.test.forgerock.com:8080/openam/oauth2/authorize?response_type=code&client_id=OAuth2Client&state=abc"

      Expected behaviour

      Shows the missing redirect_uri error:

      curl -v "http://amqa-clone74.test.forgerock.com:8080/openam/oauth2/authorize?response_type=code&client_id=OAuth2Client&state=abc"
      *   Trying 10.1.10.74...
      * Connected to amqa-clone74.test.forgerock.com (10.1.10.74) port 8080 (#0)
      > GET /openam/oauth2/authorize?response_type=code&client_id=OAuth2Client&state=abc HTTP/1.1
      > Host: amqa-clone74.test.forgerock.com:8080
      > User-Agent: curl/7.47.0
      > Accept: */*
      >
      < HTTP/1.1 400 Bad Request
      < Pragma: no-cache
      < Cache-Control: no-store
      < Date: Wed, 10 Jan 2018 06:32:27 GMT
      < Accept-Ranges: bytes
      < Server: Restlet-Framework/2.3.4
      < Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
      < Content-Type: text/html;charset=UTF-8
      < Transfer-Encoding: chunked
      < Connection: close
      <
      <!DOCTYPE html>
      <!--
        ~ DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
        ~
        ~ Copyright 2012-2015 ForgeRock AS.
        ~
        ~ The contents of this file are subject to the terms
        ~ of the Common Development and Distribution License
        ~ (the License). You may not use this file except in
        ~ compliance with the License.
        ~
        ~ You can obtain a copy of the License at
        ~ http://forgerock.org/license/CDDLv1.0.html
        ~ See the License for the specific language governing
        ~ permission and limitations under the License.
        ~
        ~ When distributing Covered Code, include this CDDL
        ~ Header Notice in each file and include the License file
        ~ at http://forgerock.org/license/CDDLv1.0.html
        ~ If applicable, add the following below the CDDL Header,
        ~ with the fields enclosed by brackets [] replaced by
        ~ your own identifying information:
        ~ "Portions Copyrighted [year] [name of copyright owner]"
        ~
        ~ Portions Copyrighted 2014 Nomura Research Institute, Ltd
        -->
      <html lang="en">
      <head>
          <meta charset="utf-8">
          <meta http-equiv="X-UA-Compatible" content="IE=edge">
          <meta name="viewport" content="width=device-width, initial-scale=1">
          <meta name="description" content="OAuth2 Error">
          <title>OAuth2 Error Page</title>
      </head>
      
      <body style="display:none">
          <div id="wrapper">Loading...</div>
          <footer id="footer" class="footer"></footer>
          <script type="text/javascript">
                          pageData = {
                      realm : "/",
                      baseUrl: "http://amqa-clone74.test.forgerock.com:8080/openam/XUI",
                      error: {
                          description: "Missing parameter: redirect_uri",
                          message: "invalid_request"
                      }
                  }
          </script>
          <script data-main="http://amqa-clone74.test.forgerock.com:8080/openam/XUI/main-authorize" src="http://amqa-clone74.test.forgerock.com:8080/openam/XUI/libs/requirejs-2.1.14-min.js"></script>
      </body>
      </html>
      * Closing connection 0
      
      Current behaviour

      Redirects to login.

      curl -v "http://amqa-clone74.test.forgerock.com:8080/openam/oauth2/authorize?response_type=code&client_id=OAuth2Client&state=abc"
      *   Trying 10.1.10.74...
      * Connected to amqa-clone74.test.forgerock.com (10.1.10.74) port 8080 (#0)
      > GET /openam/oauth2/authorize?response_type=code&client_id=OAuth2Client&state=abc&redirect=1 HTTP/1.1
      > Host: amqa-clone74.test.forgerock.com:8080
      > User-Agent: curl/7.47.0
      > Accept: */*
      >
      < HTTP/1.1 302 Found
      < Pragma: no-cache
      < Cache-Control: no-store
      < Date: Tue, 09 Jan 2018 12:52:31 GMT
      < Accept-Ranges: bytes
      < Location: http://amqa-clone74.test.forgerock.com:8080/openam/UI/Login?realm=%2F&goto=http%3A%2F%2Famqa-clone74.test.forgerock.com%3A8080%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3DOAuth2Client%26state%3Dabc
      < Server: Restlet-Framework/2.3.4
      < Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
      < Content-Length: 0
      <
      * Connection #0 to host amqa-clone74.test.forgerock.com left intact
      
      
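The security point behind the failing tests: when the request carries no redirect_uri and the client has zero or several registered URIs (the _0Regd and _2Regd cases), the authorization server has no trustworthy destination for the code or token, so RFC 6749 section 3.1.2.4 requires it to show the error to the resource owner instead of redirecting, and it should not even start authentication. The RC1 behaviour above does the opposite: it sends the user through login with a goto that carries the still-unvalidated authorize request. The following Python is an added example, not OpenAM's own code, modelling that decision and classifying a captured response; the registered URIs and the trimmed 400 headers are constructed, while the 302 Location is the one from the capture above.

```python
"""Added example, not OpenAM's own code.

Models the redirect_uri decision that the failing *_0Regd and *_2Regd
tests exercise (RFC 6749 sections 3.1.2.2 to 3.1.2.4, OpenID Connect
Core 3.1.2.1) and classifies a captured authorize response so the
expected 400 rendered in place can be told apart from the regression's
302 to the login page. Registered URIs and the 400 headers are
constructed; the 302 Location is the one from the bug report.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class AuthorizeOutcome:
    action: str                         # "error_page" or "proceed"
    error: Optional[str] = None         # OAuth2 error code for error_page
    description: Optional[str] = None
    redirect_uri: Optional[str] = None  # where the grant will be delivered


def resolve_redirect_uri(registered: List[str], requested: Optional[str],
                         scope: str = "") -> AuthorizeOutcome:
    """Decide whether an authorize request may continue to authentication.

    A missing redirect_uri is usable only when exactly one URI is registered
    (RFC 6749 3.1.2.3) and the request is plain OAuth2; OpenID Connect makes
    the parameter REQUIRED. A supplied value must match a registered URI by
    simple string comparison and carry no fragment (3.1.2). On any failure
    the server MUST NOT redirect and shows the error to the user (3.1.2.4).
    """
    is_oidc = "openid" in scope.split()
    if requested is None:
        if len(registered) == 1 and not is_oidc:
            return AuthorizeOutcome("proceed", redirect_uri=registered[0])
        return AuthorizeOutcome("error_page", "invalid_request",
                                "Missing parameter: redirect_uri")
    if urlsplit(requested).fragment or requested not in registered:
        return AuthorizeOutcome("error_page", "invalid_request",
                                "redirect_uri does not match a registered URI")
    return AuthorizeOutcome("proceed", redirect_uri=requested)


def classify_authorize_response(status: int, headers: Dict[str, str]) -> str:
    """Classify the response to an authorize request that omitted redirect_uri.

    "expected":   400 with the error rendered in place, no Location header.
    "regression": redirect to the login page whose goto carries the original
                  authorize request, still without redirect_uri, so the user
                  authenticates before the request has been validated.
    """
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if status == 400 and location is None:
        return "expected"
    if status in (301, 302, 303, 307) and location:
        parts = urlsplit(location)
        if parts.path.endswith("/UI/Login"):
            goto = urlsplit(parse_qs(parts.query).get("goto", [""])[0])
            if goto.path.endswith("/oauth2/authorize") \
                    and "redirect_uri" not in parse_qs(goto.query):
                return "regression"
        return "unexpected_redirect"
    return "unexpected"


# Constructed client registrations for the _2Regd and _0Regd test cases.
TWO_REGISTERED = ["https://app.example.com/cb", "https://app.example.com/cb2"]
NO_REGISTERED: List[str] = []

# Constructed 400 headers (trimmed) and the 302 Location from the report.
EXPECTED_RESPONSE = (400, {"Cache-Control": "no-store",
                           "Content-Type": "text/html;charset=UTF-8"})
REGRESSION_RESPONSE = (302, {"Location": (
    "http://amqa-clone74.test.forgerock.com:8080/openam/UI/Login?realm=%2F"
    "&goto=http%3A%2F%2Famqa-clone74.test.forgerock.com%3A8080%2Fopenam"
    "%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3DOAuth2Client"
    "%26state%3Dabc")})


if __name__ == "__main__":
    for label, regd, uri, scope in [
        ("0Regd, missing", NO_REGISTERED, None, ""),
        ("2Regd, missing", TWO_REGISTERED, None, ""),
        ("2Regd, openid, missing", TWO_REGISTERED, None, "openid"),
        ("2Regd, registered", TWO_REGISTERED, TWO_REGISTERED[0], ""),
        ("2Regd, unregistered", TWO_REGISTERED, "https://evil.example/cb", ""),
    ]:
        print(f"{label:24s} -> {resolve_redirect_uri(regd, uri, scope)}")
    print("M11 capture:", classify_authorize_response(*EXPECTED_RESPONSE))
    print("RC1 capture:", classify_authorize_response(*REGRESSION_RESPONSE))
```

The classifier deliberately treats only the exact 400-with-no-Location shape as correct: a 302 anywhere for a request with no usable redirect_uri is a finding, and the goto check confirms the login hop would replay the unvalidated request after authentication.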

              People

              • Assignee: Unassigned
              • Reporter: Ľubomír Mlích (lubomir.mlich)