OpenAM / OPENAM-13378

Authentication Tree does not retrieve User Attributes & Session Properties From Session via REST API.


Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.5.2, 6.5.2.1
    • Fix Version/s: 7.0.0, 6.5.3
    • Component/s: trees

    Description

      Bug description

      The procedure in the knowledge base article "How do I retrieve user attributes from a session using the REST API in AM (All versions) and OpenAM 13.5?" does not apply to an Authentication Tree.

      How to reproduce the issue

      1. Map user attributes to session attributes (Realms > [Realm Name] > Authentication > Settings > Post Authentication Processing > User Attribute Mapping to Session Attribute):
        sn|lastName
        mail|user.mail
      2. Add the user attributes to the whitelist (Realms > [Realm Name] > Services > Session Property Whitelist Service > Whitelisted Session Property Names):
        am.protected.lastName
        am.protected.user.mail
      3. Restart the AM instance
      4. Add an email address to the user (Realms > [Realm] > Identities > [User] > Email Address)
      5. Create a new tree called testexample (Realms > [Realm] > Authentication > Trees > Create Tree) as shown in img1
      6. Authenticate with the default service chain to obtain the iPlanetDirectoryPro TokenID:
        curl -X POST \
        http://am.example.com:8080/openam/json/realms/root/authenticate \
        -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
        -H 'Cache-Control: no-cache' \
        -H 'Content-Type: application/json' \
        -H 'X-OpenAM-Password: changeit' \
        -H 'X-OpenAM-Username: demo'

        {
        "tokenId": "R4ciX1UGYDd5ACMEYqmGCj3mcbo.*AAJTSQACMDEAAlNLABxKTSsxL0ZEL1BzbitzYkorV0JEK0VCT2s0aXc9AAR0eXBlAANDVFMAAlMxAAA.*",
        "successUrl": "/openam/console",
        "realm": "/"
        }
      7. Get session properties:
        curl -X POST \
        'http://am.example.com:8080/openam/json/realms/root/sessions/?_action=getSessionProperties' \
        -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
        -H 'Cache-Control: no-cache' \
        -H 'Content-Type: application/json' \
        -H 'iplanetdirectorypro: R4ciX1UGYDd5ACMEYqmGCj3mcbo.*AAJTSQACMDEAAlNLABxKTSsxL0ZEL1BzbitzYkorV0JEK0VCT2s0aXc9AAR0eXBlAANDVFMAAlMxAAA.*'

        {
        "am.protected.user.mail": "test@example.com",
        "AMCtxId": "d367db02-bbbe-44c4-a14e-3af91c06457a-15903",
        "am.protected.lastName": ""
        }

      8. Authenticate with the authentication tree to obtain the iPlanetDirectoryPro TokenID:
      curl -X POST \
      'http://am.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=testexample' \
      -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json'

      { "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.........QiOjE1MzI0OTkxODZ9.WgFORdQG72X0vekVpw6ssieOUJcZWWlLqqwLTf6psD4", "callbacks": [ { "type": "NameCallback", "output": [ { "name": "prompt", "value": "User Name" } ], "input": [ { "name": "IDToken0", "value": "" } ], "_id": 0 }, { "type": "PasswordCallback", "output": [ { "name": "prompt", "value": "Password" } ], "input": [ { "name": "IDToken0", "value": "" } ], "_id": 1 } ] }

      curl -X POST \
      'http://am.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=testexample' \
      -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -d '{
        "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.........QiOjE1MzI0OTkxODZ9.WgFORdQG72X0vekVpw6ssieOUJcZWWlLqqwLTf6psD4",
        "callbacks": [
          {
            "type": "NameCallback",
            "output": [
              {
                "name": "prompt",
                "value": "User Name"
              }
            ],
            "input": [
              {
                "name": "IDToken0",
                "value": "demo"
              }
            ],
            "_id": 0
          },
          {
            "type": "PasswordCallback",
            "output": [
              {
                "name": "prompt",
                "value": "Password"
              }
            ],
            "input": [
              {
                "name": "IDToken0",
                "value": "changeit"
              }
            ],
            "_id": 1
          }
        ]
      }'

      {
      "tokenId": "zXkCGWLFqz1Da-DFPgVkxlv64kE.*AAJTSQACMDEAAlNLABxIa1YzdVh2NVFwblRZWEN5STR5b2c2N1JuQ1E9AAR0eXBlAANDVFMAAlMxAAA.*",
      "successUrl": "/openam/console",
      "realm": "/"
      }
      9. Get session properties

      Expected behaviour

      curl -X POST \
      'http://am.example.com:8080/openam/json/realms/root/sessions/?_action=getSessionProperties' \
      -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -H 'iplanetdirectorypro: zXkCGWLFqz1Da-DFPgVkxlv64kE.*AAJTSQACMDEAAlNLABxIa1YzdVh2NVFwblRZWEN5STR5b2c2N1JuQ1E9AAR0eXBlAANDVFMAAlMxAAA.*'
      
      {
      "am.protected.user.mail": "test@example.com",
      "AMCtxId": "d367db02-bbbe-44c4-a14e-3af91c06457a-16308",
      "am.protected.lastName": ""
      }
      
      Current behaviour
      curl -X POST \
      'http://am.example.com:8080/openam/json/realms/root/sessions/?_action=getSessionProperties' \
      -H 'Accept-API-Version: resource=2.0,protocol=1.0' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -H 'iplanetdirectorypro: zXkCGWLFqz1Da-DFPgVkxlv64kE.*AAJTSQACMDEAAlNLABxIa1YzdVh2NVFwblRZWEN5STR5b2c2N1JuQ1E9AAR0eXBlAANDVFMAAlMxAAA.*'
      
      {
      "am.protected.user.mail": "", <-- Does not retrieve demo email address
      "AMCtxId": "d367db02-bbbe-44c4-a14e-3af91c06457a-16308",
      "am.protected.lastName": ""
      }
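
The check that the reproduction steps perform by hand, as an added example (not part of the original report and not AM code): build the tree login reply from the callback challenge, then list the mapped session properties that are populated after the chain login but empty after the tree login. The function names are hypothetical and the sample responses are constructed to match the shapes quoted above.

```python
import copy

PREFIX = "am.protected."  # prefix carried by the mapped properties on this page

# Constructed samples, shaped like the responses quoted in the report.
CHALLENGE = {
    "authId": "CONSTRUCTED-AUTH-ID",  # placeholder, not a real authId
    "callbacks": [
        {"type": "NameCallback",
         "output": [{"name": "prompt", "value": "User Name"}],
         "input": [{"name": "IDToken0", "value": ""}], "_id": 0},
        {"type": "PasswordCallback",
         "output": [{"name": "prompt", "value": "Password"}],
         "input": [{"name": "IDToken0", "value": ""}], "_id": 1},
    ],
}
CHAIN_PROPS = {"am.protected.user.mail": "test@example.com",
               "AMCtxId": "constructed-ctx-1", "am.protected.lastName": ""}
TREE_PROPS = {"am.protected.user.mail": "",
              "AMCtxId": "constructed-ctx-2", "am.protected.lastName": ""}


def answer_callbacks(challenge, username, password):
    """Return the step-8 request body: same authId, callback inputs filled in."""
    reply = copy.deepcopy(challenge)
    answers = {"NameCallback": username, "PasswordCallback": password}
    for cb in reply["callbacks"]:
        if cb["type"] not in answers:
            raise ValueError(f"unhandled callback type: {cb['type']}")
        cb["input"][0]["value"] = answers[cb["type"]]
    return reply


def dropped_properties(chain_props, tree_props):
    """Mapped properties set after chain login but empty or absent after tree login."""
    return sorted(name for name, value in chain_props.items()
                  if name.startswith(PREFIX) and value and not tree_props.get(name))


if __name__ == "__main__":
    body = answer_callbacks(CHALLENGE, "demo", "changeit")
    print([cb["input"][0]["value"] for cb in body["callbacks"]])
    print(dropped_properties(CHAIN_PROPS, TREE_PROPS))
```

Properties that are empty in both sessions, such as am.protected.lastName here, are not reported, so the result isolates the difference between the two login paths.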
      

       

       


            People

              Assignee: Unassigned
              Reporter: WanNing Tan (wanning.tan)
              Votes: 9
              Watchers: 21
