  1. OpenAM
  2. OPENAM-13606

REST Session Validation not working as documented



      Description

      Bug description

      The documented REST Session Validation procedure does not work. There are two problems:

      1. Must add header for Content-type application/json
      2. Always returns valid = false unless iPlanetDirectoryPro header is added

      How to reproduce the issue


      1. Use curl command to authenticate and save SSO token
      2. Run documented CURL command to validate

      Expected behaviour

      A valid response from the documented REST call syntax:

      curl -X POST \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      "https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate"

      {
      "valid":true,
      "sessionUid":"9c8abbe4-55d8-4759-abac-0b89ace2f4e1-340246",
      "uid":"bjensen",
      "realm":"/"
      }
      
      Current behaviour

      1. Command fails: needs Content-Type header
      2. Always returns false: needs iPlanetDirectoryPro

      {"valid":false}
      

      Work around

      First problem ... need header "Content-type" ...

      curl -X POST \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      "https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate"

      {
        "code":400,
        "reason":"Bad Request",
        "message":"The request could not be processed because it specified the content-type 'application/x-www-form-urlencoded' when only the content-type 'application/json' and 'multipart/form-data' are supported"
      }
      

       

      After adding Content-Type header ...

      curl -X POST \
      -H "Content-type: application/json" \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      "https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate"

      {"valid":false}
      

       

      After adding iPlanetDirectoryPro header ...

      curl -X POST \
      -H "iPlanetDirectoryPro: yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*" \
      -H "Content-type: application/json" \
      -H "Accept-API-Version: resource=2.1, protocol=1.0" \
      --data '{ "tokenId": "yRpsB_AzHTo1NmgxQRmP8sh-AYk.*AAJTSQACMDEAAlNLABxNZUlvRWp1c2lxVU5qWEtXTTVvUWpGYytkRTA9AAR0eXBlAANDVFMAAlMxAAA.*"}' \
      "https://idp.frdpcloud.com/openam/json/realms/root/sessions?_action=validate"
      
      {
        "valid":true,
        "sessionUid":"9c8abbe4-55d8-4759-abac-0b89ace2f4e1-340246",
        "uid":"bjensen",
        "realm":"/"
      }
      

      Should not need to add these two extra headers to make this REST call work, per the documentation.
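
For a service that relies on this endpoint, the three responses shown above need to be told apart, because a rejected request and a missing caller header both look like "session not valid" to a naive client. The following is an added example, not part of the original report or of OpenAM's code; the function names build_validate_request and classify are hypothetical, and the sample bodies are constructed from the responses in the report.

```python
import json
import urllib.request

# Path and header names come from the report; the sample bodies below are
# constructed copies of the three responses it shows.
VALIDATE_PATH = "/json/realms/root/sessions?_action=validate"
SAMPLE_BAD_REQUEST = json.dumps({
    "code": 400, "reason": "Bad Request",
    "message": "The request could not be processed because it specified the "
               "content-type 'application/x-www-form-urlencoded'"})
SAMPLE_INVALID = '{"valid":false}'
SAMPLE_VALID = ('{"valid":true,"sessionUid":"9c8abbe4-55d8-4759-abac-'
                '0b89ace2f4e1-340246","uid":"bjensen","realm":"/"}')


def build_validate_request(base_url, token_id, caller_token):
    """POST with both headers the report had to add to get a usable answer."""
    headers = {
        "Content-Type": "application/json",
        "Accept-API-Version": "resource=2.1, protocol=1.0",
        "iPlanetDirectoryPro": caller_token,
    }
    body = json.dumps({"tokenId": token_id}).encode("utf-8")
    return urllib.request.Request(base_url.rstrip("/") + VALIDATE_PATH,
                                  data=body, headers=headers, method="POST")


def classify(status, body_text):
    """Return (session_ok, reason); every unclear case is treated as not valid."""
    try:
        doc = json.loads(body_text)
    except ValueError:
        return False, "response is not JSON"
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    if status != 200:
        # A malformed request (e.g. missing Content-Type) is a client bug,
        # not evidence about the session, so report it separately.
        return False, "request error %s: %s" % (status, doc.get("message"))
    if doc.get("valid") is True and doc.get("uid"):
        return True, "session valid for uid=%s realm=%s" % (doc["uid"], doc.get("realm"))
    return False, ("valid=false: token invalid/expired, or the call itself "
                   "carried no iPlanetDirectoryPro header")


if __name__ == "__main__":
    for status, body in ((400, SAMPLE_BAD_REQUEST), (200, SAMPLE_INVALID), (200, SAMPLE_VALID)):
        print(status, classify(status, body))
```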


            People

            cristina.herraz Cristina Herraz [X] (Inactive)
            sfehrman Scott Fehrman [X] (Inactive)