- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 14.5.0
- Component/s: authentication
Bug description
Concise statement summarising the error and context (remove this text)
How to reproduce the issue
Create a realm with OpenAM 5.5.1
OpenAM configuration chain:
1.) Persistent Cookie - Sufficient
2.) LDAP - Required
Post authentication class = org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookieAuthModulePostAuthenticationPlugin
Assign a password policy on the LDAP identity store that expires passwords,
for example:
dsconfig set-password-policy-prop \
--policy-name Default\ Password\ Policy \
--set max-password-age:180\ s \
--set password-expiration-warning-interval:60\ s \
--hostname opendjconfigstore.example.com \
--port 4444 \
--bindDn cn=Directory\ Manager \
--bindPasswordFile /home/forgerock/welcome1 \
--trustAll \
--no-prompt
Create a subject for the realm in OpenAM
With the user's password expired, run the following command:
curl -v -X POST 'http://openam.example.com:80/openam/json/realms/cookie/authenticate?_=&authIndexType=service&authIndexValue=persistentcookie' -H 'X-OPENAM-USERNAME:cookie' -H 'X-OPENAM-PASSWORD:welcome1'
* Trying 192.168.1.237...
* TCP_NODELAY set
* Connected to openam551e.example.com (192.168.1.237) port 8080 (#0)
> POST /openam/json/realms/cookie/authenticate?_=&authIndexType=service&authIndexValue=cookie HTTP/1.1
> Host: openam551e.example.com:8080
> User-Agent: curl/7.54.0
> Accept: */*
> X-OPENAM-USERNAME:cookie
> X-OPENAM-PASSWORD:welcome1
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 500
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: amlbcookie=01; Domain=example.com; Path=/
< Content-API-Version: resource=2.1
< Transfer-Encoding: chunked
< Date: Thu, 10 May 2018 17:35:56 GMT
< Connection: close
< Closing connection 0