Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12415

Self-Service KBA questions of TopLevel Realm(or Global Service) override SubRealm's

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 14.1.1, 5.5.1
    • Fix Version/s: 6.0.0, 14.1.2, 5.5.2
    • Component/s: self-service
    • Labels:
    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 49, AM Sustaining Sprint 50
    • Story Points:
      5
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      "User Self-Service" Service of the Top Level or Globally Service overrides(even when not enabled) the configurations set at the Subrealm(s)

      How to reproduce the issue

      1. (Optional) Configure User Self-Service on Top Level realm and add a new KBA question e.g 5|en|root and enable Security Questions for Forgotten Password.
      2. Create a Subrealm e.g "test" and make the same configurations apart from the question name, set it as 5|en|test
      3. Now login to realm=test and go Security Questions tab.
      Expected behaviour
      You should see the KBA question of the Subrealm (test)
      
      Current behaviour
      You see the question as configured at the Top Level realm.(root)
      

      Work around

      add Realm DNS Aliases (AM 5.1.1 / AM 5.5.1)

      Code analysis

      N/A

      Notes

      This is working fine on 13.5.1 (the rest call includes the realm)

      5.5.1

      REST call after authenticating on realm=test

      GET http://openam.example.com:38080/openam/json/selfservice/kba

      Response:

      {"_id":"1","_rev":"1.0","questions":{"1":{"en":"What is the name of your favourite restaurant?"},"2":{"en":"What was the model of your first car?"},"3":{"en":"What was the name of your childhood pet?"},"4":{"en":"What is your mother's maiden name?"},"5":{"en":"root"}},"minimumAnswersToDefine":1,"minimumAnswersToVerify":1} 

      Searching individually for the realm configuration:

      curl -X GET http://openam.example.com:38080/openam/json/realms/root/realms/test/selfservice/kba -H 'Cache-Control: no-cache' -H 'iPlanetDirectoryPro: unRFfTvS5b4wdvkwAcmeVi3iJpY.*AAJTSQACMDEAAlNLABxLTjNXVExhT085eS9DU0tncEVXS2xtdkdFT2c9AAJTMQAA*'
      
      {  
      
         "_id":"1",
      
         "_rev":"1.0",
      
         "questions":{  
      
            "1":{  
      
               "en":"What is the name of your favourite restaurant?"
      
            },
      
            "2":{  
      
               "en":"What was the model of your first car?"
      
            },
      
            "3":{  
      
               "en":"What was the name of your childhood pet?"
      
            },
      
            "4":{  
      
               "en":"What is your mother's maiden name?"
      
            },
      
            "5":{  
      
               "en":"test"
      
            }
      
         },
         "minimumAnswersToDefine":1,
      
         "minimumAnswersToVerify":1
      
      }
       

      13.5.1

      REST call after authenticating on realm=test

      http://openam.example.com:18080/openam/json/test/selfservice/kba

      {"questions":{"1":{"en":"What is the name of your favourite restaurant?"},"2":{"en":"What was the model of your first car?"},"3":{"en":"What was the name of your childhood pet?"},"4":{"en":"What is your mother's maiden name?"},"5":{"en":"test"}},"minimumAnswersToDefine":1,"minimumAnswersToVerify":1}

       

      maybe relates to https://bugster.forgerock.org/jira/browse/OPENAM-9276 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                anastasios.kampas Tasos Kampas
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: