  1. OpenAM
  2. OPENAM-13128

invalid error message returned when user with expired password authenticates with persistent cookie module

    Details

    • Sprint:
      AM Sustaining Sprint 51, AM Sustaining Sprint 52
    • Story Points:
      2
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes

      Description

      Bug description


      How to reproduce the issue

      Create a realm with OpenAM 5.5.1.

      OpenAM configuration chain:
      1.) Persistent Cookie - Sufficient
      2.) LDAP - Required

      Post authentication class = org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookieAuthModulePostAuthenticationPlugin

       

      Assign a password policy on the LDAP identity store that expires passwords.

      For example:

      dsconfig set-password-policy-prop \
                --policy-name Default\ Password\ Policy \
                --set max-password-age:180\ s \
                --set password-expiration-warning-interval:60\ s \
                --hostname opendjconfigstore.example.com \
                --port 4444 \
                --bindDn cn=Directory\ Manager \
                --bindPasswordFile /home/forgerock/welcome1 \
                --trustAll \
                --no-prompt

      Create a subject for the realm in OpenAM.

      With the user's password expired, run the following command:

      curl -v -X POST 'http://openam.example.com:80/openam/json/realms/cookie/authenticate?_=&authIndexType=service&authIndexValue=persistentcookie' -H 'X-OPENAM-USERNAME:cookie' -H 'X-OPENAM-PASSWORD:welcome1'

       

       

      *   Trying 192.168.1.237...
      * TCP_NODELAY set
      * Connected to openam551e.example.com (192.168.1.237) port 8080 (#0)
      > POST /openam/json/realms/cookie/authenticate?_=&authIndexType=service&authIndexValue=cookie HTTP/1.1
      > Host: openam551e.example.com:8080
      > User-Agent: curl/7.54.0
      > Accept: */*
      > X-OPENAM-USERNAME:cookie
      > X-OPENAM-PASSWORD:welcome1
      > Content-Length: 0
      > Content-Type: application/x-www-form-urlencoded
      >
      < HTTP/1.1 500
      < X-Frame-Options: SAMEORIGIN
      < Set-Cookie: amlbcookie=01; Domain=example.com; Path=/
      < Content-API-Version: resource=2.1
      < Transfer-Encoding: chunked
      < Date: Thu, 10 May 2018 17:35:56 GMT
      < Connection: close
      < Closing connection 0

       

            People

            • Assignee:
              yaodong.hu Yaodong Hu [X] (Inactive)
              Reporter:
              steve.nolan Steve Nolan
              QA Assignee:
              Filip Kubáň [X] (Inactive)
            • Votes:
              1
              Watchers:
              6