  1. OpenAM
  2. OPENAM-13606

REST Session Validation not working as documented

    Details

    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      The documented REST Session Validation procedure does not work. There are two problems:

      1. Must add header for Content-type application/json
      2. Always returns valid = false unless iPlanetDirectoryPro header is added

      How to reproduce the issue

      1. Use curl command to authenticate and save SSO token
      2. Run documented curl command to validate

      Expected behaviour

      A valid response from the documented REST call syntax:

      curl -X POST \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate

      {
      "valid":true,
      "sessionUid":"9c8abbe4-55d8-4759-abac-0b89ace2f4e1-340246",
      "uid":"bjensen",
      "realm":"/"
      }
      
      Current behaviour

      1. Command fails: needs Content-Type header
      2. Always returns false: needs iPlanetDirectoryPro

      {"valid":false}
      

      Work around

      First problem ... need header "Content-type" ...

      curl -X POST \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate

      {
        "code":400,
        "reason":"Bad Request",
        "message":"The request could not be processed because it specified the content-type 'application/x-www-form-urlencoded' when only the content-type 'application/json' and 'multipart/form-data' are supported"
      }
      

       

      After adding Content-Type header ...

      curl -X POST \
      -H "Content-type: application/json" \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate

      {"valid":false}
      

       

      After adding iPlanetDirectoryPro header ...

      curl -X POST \
      -H "iPlanetDirectoryPro: yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*" \
      -H "Content-type: application/json" \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate
      
      {
        "valid":true,
        "sessionUid":"9c8abbe4-55d8-4759-abac-0b89ace2f4e1-340246",
        "uid":"bjensen",
        "realm":"/"
      }
      

      Should not need to add these two extra headers to make this REST call work, per the documentation.
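
      A client-side sketch of the working call from the workaround above, added here as an example and not taken from the issue or from OpenAM: it builds the request with both headers and interprets the three responses shown, treating anything other than an explicit "valid": true as not valid. The host, token value and function names are constructed placeholders, and passing the caller's own SSO token in iPlanetDirectoryPro is an assumption based on the workaround.

```python
import json
import urllib.request

# Constructed placeholders for illustration; not values from the issue.
BASE_URL = "https://openam.example.com/openam"
SSO_TOKEN = "constructed-sso-token.*AAJTSQ.*"


def build_validate_request(base_url, token_id, caller_token):
    """Build the validate call with both headers the issue found necessary.

    Assumption: caller_token is the SSO token of the calling session; the
    workaround in the issue reuses the token that is being validated.
    """
    body = json.dumps({"tokenId": token_id}).encode("utf-8")
    return urllib.request.Request(
        base_url + "/json/realms/root/sessions?_action=validate",
        data=body,
        method="POST",
        headers={
            # Without this, curl's --data default (form-urlencoded) gets a 400.
            "Content-Type": "application/json",
            "Accept-API-Version": "resource=2.1, protocol=1.0",
            # Without this, the issue observed {"valid":false} for a live token.
            "iPlanetDirectoryPro": caller_token,
        },
    )


def interpret_validate_response(status, body_text):
    """Map an HTTP status and body to (session_ok, diagnosis), failing closed."""
    try:
        doc = json.loads(body_text)
    except ValueError:
        return False, "unparseable response"
    if not isinstance(doc, dict):
        return False, "unexpected response shape"
    if status == 400 and "content-type" in str(doc.get("message", "")).lower():
        return False, "request rejected: send Content-Type: application/json"
    if status != 200:
        return False, "HTTP error %d" % status
    if doc.get("valid") is True:
        return True, "valid session for %s in realm %s" % (doc.get("uid"), doc.get("realm"))
    return False, "not valid, or the caller's iPlanetDirectoryPro header is missing"
```

      A {"valid":false} answer is ambiguous under the behaviour reported here, so a caller should confirm the header was sent before treating the session as expired.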

            People

            • Assignee:
              cristina.herraz Cristina Herraz
              Reporter:
              sfehrman Scott Fehrman [X] (Inactive)