  1. OpenAM
  2. OPENAM-13738

ForceAuth as default Option in query String

    Description

      Improvement Request:

      To allow for an AM configuration switch that makes ForceAuth=true the default again if the switch is turned on

      Issue background

      OpenAM 5.5.1 does not analyze authentication requests if they come with a valid SSO cookie (even if the password is wrong) and returns that SSO value right back in the response.
      OpenAM 12.0.3 does not do that.

      POST https://openam.example.com/sso/json/AMusers/authenticate HTTP/1.1
      Cookie: amlbcookie=08; ms-sso=0w2r7BpalQUgCprEYNW7Ni4jkn8.AAJTSQACMDMAAlNLABwwalkzS0pZaEJrNjVicEd2MWVMRGV0OXh2OFE9AAJTMQACMDc.
      X-OpenAm-Password: password1
      X-OpenAm-Username: amuser
      Content-Type: application/json

      Response is

      {
        "tokenId" : "0w2r7BpalQUgCprEYNW7Ni4jkn8.AAJTSQACMDMAAlNLABwwalkzS0pZaEJrNjVicEd2MWVMRGV0OXh2OFE9AAJTMQACMDc.",
        "successUrl" : "/sso/console",
        "realm" : "/Amsusers"
      }

      The change in behaviour looks to have come about from OPENAM-9516 (14.0.0) and the changes to AuthenticationServicev1.authenticate in

      The workaround is to use ForceAuth=true:

      curl -X POST -k -H 'Content-type: application/octet-stream' -H 'X-OpenAM-username: demo' -H 'X-OpenAM-Password: wrong' --header 'Accept-API-Version: protocol=1.0,resource=2.0' -H 'Cookie: i18next=en-US; amlbcookie=01; iPlanetDirectoryPro=yfkS99aJ7pxSs4UiUFK-yiWbJBc.AAJTSQACMDEAAlNLABxlN1hXaEE5TUszeTlVZ2NVWUF4ckV2OE9YVkE9AAJTMQAA' 'https://openam.amtest2.com:8443/access/json/authenticate?ForceAuth=true'
      {"code":401,"reason":"Unauthorized","message":"Authentication Failed"}

       

      Business case:

      To make ForceAuth=True the default
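
Added example (not part of the original issue and not OpenAM code): a Python check, suitable for an integration test, that classifies an /authenticate exchange as session-reused, authenticated or rejected, plus a helper that applies the ForceAuth=true workaround. The cookie names come from the two requests above; the function names and token values are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Cookie names taken from the two requests in this issue; deployments can rename them.
SESSION_COOKIES = ("iPlanetDirectoryPro", "ms-sso")

def session_from_cookie(cookie_header):
    """Return the SSO token value carried in a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name in SESSION_COOKIES and value:
            return value
    return None

def with_force_auth(url):
    """Return url with ForceAuth=true set (the workaround from the issue)."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k.lower() != "forceauth"]
    query.append(("ForceAuth", "true"))
    return urlunsplit(parts._replace(query=urlencode(query)))

def classify(cookie_header, status, body):
    """Classify one /authenticate exchange that carried username/password headers."""
    existing = session_from_cookie(cookie_header)
    token = None
    try:
        token = json.loads(body).get("tokenId")
    except (ValueError, AttributeError):
        pass  # body is not a JSON object; treat as no token
    if status == 200 and existing and token == existing:
        return "session-reused"   # cookie honoured, submitted credentials not evaluated
    if status == 200 and token:
        return "authenticated"    # a session was issued for the submitted credentials
    if status == 401:
        return "rejected"         # credentials were evaluated and refused
    return "unexpected"

# Constructed exchanges mirroring the two in the issue (token values are placeholders).
COOKIE = "amlbcookie=01; iPlanetDirectoryPro=CONSTRUCTED-TOKEN.AAJTSQ."
REUSED = (COOKIE, 200, '{"tokenId": "CONSTRUCTED-TOKEN.AAJTSQ.", "successUrl": "/sso/console"}')
FORCED = (COOKIE, 401, '{"code":401,"reason":"Unauthorized","message":"Authentication Failed"}')

if __name__ == "__main__":
    print(with_force_auth("https://openam.example.com/sso/json/AMusers/authenticate"))
    print(classify(*REUSED), classify(*FORCED))
```

A wrong-password probe sent with a valid session cookie should classify as "rejected"; "session-reused" means the existing session was returned without the headers being checked.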

          People

            Unassigned Unassigned
            jobby.thomas Jobby Thomas