Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13006

Missing upgrade steps for OAuth2 ID Token Signing and Encryption Algorithms

    Details

    • Needs backport:
      Yes
    • Verified Version/s:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      After upgrading, the list of supported encryption algorithms and methods isn't updated.

      How to reproduce the issue

      1. Install 13.5.1
      2. Upgrade to 6.0.0
      3. Run the OpenIDConnectDiscoverySpecification tests
      Expected behaviour

      They pass

      Current behaviour
      JSON path id_token_encryption_alg_values_supported doesn't match.
      Expected: iterable over ["RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "dir", "A128KW", "A192KW", "A256KW"] in any order
        Actual: [RSA1_5]
      
      JSON path id_token_encryption_enc_values_supported doesn't match.
      Expected: iterable over ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"] in any order
        Actual: [A128CBC-HS256, A256CBC-HS512]
      

       

      Code analysis

      supportedIDTokenEncryptionAlgorithms

        13.5.1 - OAuth2Provider.xml has supportedIDTokenEncryptionAlgorithms RSA1_5

        14.0.0 - OAuth2Provider.xml has supportedIDTokenEncryptionAlgorithms RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, A192KW, A256KW

       

      supportedIDTokenEncryptionMethods

      13.5.1 - OAuth2Provider.xml has supportedIDTokenEncryptionMethods A128CBC-HS256, A256CBC-HS512

       14.0.0 - OAuth2Provider.xml has supportedIDTokenEncryptionMethods 

      A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                richard.ward Richard Ward
                Reporter:
                richard.ward Richard Ward
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: