OpenAM / OPENAM-13298

OIDC requests with claims request parameter fail

      Description

      Bug description

      Executing OIDC authorization code requests using the claims request parameter fails in AM 6.0 with the following error:

      Caused by: java.lang.NullPointerException
              at org.forgerock.oauth2.core.ResourceOwnerSessionValidator.authenticationRequired(ResourceOwnerSessionValidator.java:486)
              at org.forgerock.oauth2.core.ResourceOwnerSessionValidator.validate(ResourceOwnerSessionValidator.java:264)
      
      

      How to reproduce the issue

      1. Configure OAuth/OIDC and turn on the claims request parameter processing.
      2. Create an OAuth client with openid scope.
      3. Craft a signed request parameter (http://openid.net/specs/openid-connect-core-1_0.html#RequestObject) and include it in an OIDC redirect, e.g.

      http://emob.openrock.org:18080/openam/oauth2/authorize?client_id=testclient&response_type=code&scope=openid&request=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.rN0cPMAbJ91q_8veEyzwkfOZRWkZlLzMslGDxG4MlNk&redirect_uri=http://localhost:3000/completed

      1. ...
      Expected behaviour

      AM to display the authentication page

      Current behaviour

      500 error returned and the attached stack trace in the logs
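
      Step 3 as an added example (not part of the original report and not ForgeRock code): it builds an HS256-signed Request Object carrying a claims member, the matching authorize URL, and the signature check a server applies to it. The client secret and the claims content are constructed placeholders; the payload of the report's own request is not shown on the page.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Constructed sample values; the client secret is a placeholder, not from the report.
CLIENT_ID = "testclient"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "http://localhost:3000/completed"
SAMPLE_CLAIMS = {"userinfo": {"email": {"essential": True}},
                 "id_token": {"auth_time": {"essential": True}}}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_request_object(client_id, secret, redirect_uri, claims):
    """Return a compact HS256 JWS whose payload mirrors the authorize parameters."""
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"iss": client_id, "client_id": client_id, "response_type": "code",
               "scope": "openid", "redirect_uri": redirect_uri, "claims": claims}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload))
    mac = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_request_object(token, secret):
    """Server-side check: return the payload dict, or None if the token is invalid."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # the header must not be allowed to select another algorithm
        expected = hmac.new(secret.encode(), f"{head}.{body}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON

def authorize_url(endpoint, token):
    # client_id, response_type and scope stay in the query too, as in the report's URL.
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
                       "request": token, "redirect_uri": REDIRECT_URI})
    return endpoint + "?" + query
```
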


              People

              phillcunnington Phill Cunnington
              wayne.blacklock Wayne Blacklock
              Filip Kubáň [X] Filip Kubáň [X] (Inactive)