Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13043

Empty session ID is checked during Auth Tree flow

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      The SessionID is used to check if further authentication is required. This can be empty and results in an SSOException if checked and is empty. The exception is handled, but this occurs for every authentication attempt in auth trees.

      How to reproduce the issue

      1. Enable message level debug logging for Authentication
      2. Log in using the default tree, Example
      3. Check the logs
      Expected behaviour
      no exceptions in the logs
      Current behaviour
      there are exceptions in the logs

      Code analysis

      Check if the 

      loginConfiguration.getSSOTokenId()

      is empty or blank before calling 

      coreServicesWrapper.getExistingValidSSOToken()

       

      in AuthTrees.noMoreAuthenticationRequired()

       

        Attachments

          Activity

            People

            • Assignee:
              sean.oneill Sean ONeill [X] (Inactive)
              Reporter:
              sean.oneill Sean ONeill [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: