  1. OpenAM
  2. OPENAM-13000

Custom authentication module with a single ChoiceCallback value is processed without confirmation

    Details

    • Sprint:
      AM Sustaining Sprint 53, AM Sustaining Sprint 54, AM Sustaining Sprint 55, AM Sustaining Sprint 56, AM Sustaining Sprint 57
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      A change between 13.x and 5.x means ChoiceCallback behaves differently.

      How to reproduce the issue

      Create a custom authentication module with a single choice.

      <ChoiceCallback>
          <Prompt>Selected option</Prompt>
          <ChoiceValues>
              <ChoiceValue>
                  <Value>value1</Value>
              </ChoiceValue>
          </ChoiceValues>
      </ChoiceCallback>

      Expected behaviour

      User is presented with a single choice, already selected, and must click log in to proceed.
      A caller to /json/authenticate will get back the ChoiceCallback in JSON.
      This is the behaviour on 13.5.0.

      Current behaviour

      User is automatically logged in or moved to the next module in the chain, and does not see the ChoiceCallback on screen or in JSON.
      If Choices are generated dynamically, sometimes resulting in a single value, it can result in a poor user experience, such as if a user has a list of telephone numbers and must select which one receives an SMS.

      Workaround

      Rewrite authentication modules, perhaps with an additional ConfirmationCallback.

      Code analysis

      Appears to be since AME-13716

      RestAuthenticationHandler.java
      if (jsonCallbacks != null && jsonCallbacks.size() > 0) {
          JsonValue jsonValue = createJsonCallbackResponse(authId, loginConfiguration, loginProcess,
                  jsonCallbacks);
          // A lone ChoiceCallback with exactly one choice is submitted on the
          // caller's behalf instead of being returned to the caller.
          if (callbacks.length == 1 && callbacks[0] instanceof ChoiceCallback
                  && ((ChoiceCallback) callbacks[0]).getChoices().length == 1) {
              return authenticate(request, response, jsonValue, loginConfiguration.getIndexType().name(),
                      loginConfiguration.getIndexValue(), loginConfiguration.getSSOTokenId());
          }
          // Every other callback set goes back to the caller as JSON.
          return jsonValue;
      }
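
The quoted condition and the suggested workaround, modelled as an added example (not OpenAM code). `isAutoSubmitted` copies the test from the excerpt; the class name, `plainStep`, `confirmedStep`, the confirmation prompt and the sample choice lists are assumptions made for illustration. It models only that condition, showing which callback sets a module author should expect to be skipped when a dynamically generated list shrinks to one entry.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.callback.ConfirmationCallback;

// Added example, not OpenAM source. Models only the condition quoted above.
public class SingleChoiceCheck {

    // Same test as the RestAuthenticationHandler excerpt: exactly one callback,
    // it is a ChoiceCallback, and it offers exactly one choice.
    static boolean isAutoSubmitted(Callback[] callbacks) {
        return callbacks.length == 1
                && callbacks[0] instanceof ChoiceCallback
                && ((ChoiceCallback) callbacks[0]).getChoices().length == 1;
    }

    // Hypothetical module step whose choices are generated dynamically.
    static Callback[] plainStep(String[] choices) {
        return new Callback[] {
            new ChoiceCallback("Selected option", choices, 0, false)
        };
    }

    // Workaround from the description: an additional ConfirmationCallback,
    // so the callback array never has length 1.
    static Callback[] confirmedStep(String[] choices) {
        return new Callback[] {
            new ChoiceCallback("Selected option", choices, 0, false),
            new ConfirmationCallback("Continue?", ConfirmationCallback.INFORMATION,
                    ConfirmationCallback.OK_CANCEL_OPTION, ConfirmationCallback.OK)
        };
    }

    public static void main(String[] args) {
        String[] one = {"value1"};            // constructed sample input
        String[] two = {"value1", "value2"};  // constructed sample input
        System.out.println("plain, 1 choice:      auto-submitted = "
                + isAutoSubmitted(plainStep(one)));
        System.out.println("plain, 2 choices:     auto-submitted = "
                + isAutoSubmitted(plainStep(two)));
        System.out.println("confirmed, 1 choice:  auto-submitted = "
                + isAutoSubmitted(confirmedStep(one)));
    }
}
```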
      

            People

            • Assignee:
              sachiko Sachiko Wallace
              Reporter:
              andrew.dunn Andrew Dunn [X] (Inactive)
            • Votes:
              0
              Watchers:
              6