  1. OpenAM
  2. OPENAM-13742

Docs: Remove references to non push notification Transactional Authorization

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not a defect
    • 14.5.0, 6.0.0
    • None
    • documentation

      Description

      In bug https://bugster.forgerock.org/jira/browse/OPENAM-12627 it shows the transaction as successful even if incorrect credentials are provided. There is a note from Andy Hall:

      "Transactional Authorization was designed for Push Authz use-case."

      This is fine, but the docs suggest using chains and modules as an alternative to using push notifications, so customers that don't use push notification will hit this bug which we won't fix. I think we should remove any suggestions of using non push authorization in https://backstage.forgerock.com/docs/am/6/authorization-guide/#chap-authz-implementation-transactional

      A couple of examples:

      "For example, they must reauthenticate to an authentication module or respond to a push notification on their mobile device."

      and

      "The user completes the required actions, for example authenticates to the specified chain, or responds to the push notification on their registered mobile device."

      There may be other references in the docs but I haven't fully checked. It may also be worth noting in the docs that this is designed specifically for Push Authorization.

            People

            Unassigned Unassigned
            aaron.haskins Aaron Haskins