Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13766

no configuration found for login with SessionConditionAdvice=deny

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.5.2, 5.5.1, 6.5.0
    • Fix Version/s: None
    • Component/s: authentication
    • Labels:
    • Rank:
      1|hzwxz3:

      Description

      Bug description

      Session condition advice deny will result in no configuration found. Issue was solved on agents side, see AMAGENTS-1331, by showing 403 to client instead of session upgrade screen. Which results in poor user experience. Very similar ticket is described in OPENAM-12265.

      How to reproduce the issue

      see https://bugster.forgerock.org/jira/browse/AMAGENTS-1331 or

      1. install AM
      2. try login with particular module advice - <Advices><AttributeValuePair><Attribute+name="AuthSchemeConditionAdvice"/><Value>LDAP</Value></AttributeValuePair></Advices> for example URL: http://amqa-clone70.test.forgerock.com:8080/openam/XUI/?goto=%2Fopenam%2Fcdcservlet%3FTARGET%3Dhttp%3A%2F%2Famqa-clone85.test.forgerock.com%2F%26RequestID%3DD391D40CD5C523621BE57CB51BEF89EF13DE4FB5C4E1415595F848EF837762C9%26MajorVersion%3D1%26MinorVersion%3D0%26ProviderID%3Dhttp%3A%2F%2Famqa-clone85.test.forgerock.com%3A80%2Famagent%26IssueInstant%3D2018-10-15T08%3A02%3A31Z&goto=http%3A%2F%2Famqa-clone85.test.forgerock.com%2F&RequestID=D391D40CD5C523621BE57CB51BEF89EF13DE4FB5C4E1415595F848EF837762C9&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Famqa-clone85.test.forgerock.com%3A80%2Famagent&IssueInstant=2018-10-15T08%3A02%3A31Z&authIndexType=composite_advice&authIndexValue=%3CAdvices%3E%3CAttributeValuePair%3E%3CAttribute+name%3D%22AuthSchemeConditionAdvice%22%2F%3E%3CValue%3ELDAP%3C%2FValue%3E%3C%2FAttributeValuePair%3E%3C%2FAdvices%3E#login/
      3. try login with <Advices><AttributeValuePair><Attribute name="SessionConditionAdvice"/><Value>deny</Value></AttributeValuePair></Advices> for example url: http://amqa-clone70.test.forgerock.com:8080/openam/XUI/?goto=%2Fopenam%2Fcdcservlet%3FTARGET%3Dhttp%3A%2F%2Famqa-clone85.test.forgerock.com%2F%26RequestID%3DD391D40CD5C523621BE57CB51BEF89EF13DE4FB5C4E1415595F848EF837762C9%26MajorVersion%3D1%26MinorVersion%3D0%26ProviderID%3Dhttp%3A%2F%2Famqa-clone85.test.forgerock.com%3A80%2Famagent%26IssueInstant%3D2018-10-15T08%3A02%3A31Z&goto=http%3A%2F%2Famqa-clone85.test.forgerock.com%2F&RequestID=D391D40CD5C523621BE57CB51BEF89EF13DE4FB5C4E1415595F848EF837762C9&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Famqa-clone85.test.forgerock.com%3A80%2Famagent&IssueInstant=2018-10-15T08%3A02%3A31Z&authIndexType=composite_advice&authIndexValue=%3CAdvices%3E%3CAttributeValuePair%3E%3CAttribute%20name%3D%22SessionConditionAdvice%22%2F%3E%3CValue%3Edeny%3C%2FValue%3E%3C%2FAttributeValuePair%3E%3C%2FAdvices%3E#login/
      Expected behaviour
      Session upgrade screen is seen in step 3. same as in step 2.
      Current behaviour
      There is no configuration found error in step 3:
      
      amAuth:10/15/2018 09:11:00:862 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      IndexType is COMPOSITE_ADVICE
      amAuth:10/15/2018 09:11:00:862 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      in CompositeAdvices constructor
      amAuth:10/15/2018 09:11:00:862 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      indexName : <Advices><AttributeValuePair><Attribute name="SessionConditionAdvice"/><Value>deny</Value></AttributeValuePair></Advices>
      amAuth:10/15/2018 09:11:00:862 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      orgDN     : dc=openam,dc=forgerock,dc=org
      amAuth:10/15/2018 09:11:00:862 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      userLocale: cs_CZ
      amAuth:10/15/2018 09:11:00:863 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      processCompositeAdviceXml - /ndecoded XML : <Advices><AttributeValuePair><Attribute name="SessionConditionAdvice"/><Value>deny</Value></AttributeValuePair></Advices>/nresult Map : {SessionConditionAdvice=[deny]}
      amAuth:10/15/2018 09:11:00:863 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      processCompositeAdvice - returnAuthInstances : {AuthSchemeConditionAdvice=[]}
      amAuth:10/15/2018 09:11:00:863 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      end CompositeAdvices constructor
      amAuth:10/15/2018 09:11:00:863 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      processCompositeAdvice:number of Modules/Services : 0
      amAuth:10/15/2018 09:11:00:864 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      getUserDN: null
      amAuth:10/15/2018 09:11:00:865 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      getUserDN: null
      amAuth:10/15/2018 09:11:00:865 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      resProperty is.. :No Configuration found|noConfig.jsp
      amAuthClientUtils:10/15/2018 09:11:00:865 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      errorCod='105', resProperty='No Configuration found|noConfig.jsp'
      amAuthClientUtils:10/15/2018 09:11:00:866 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      errorCod='105', resProperty='No Configuration found|noConfig.jsp'
      amAuth:10/15/2018 09:11:00:866 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      Error Message : No Configuration found
      amAuth:10/15/2018 09:11:00:866 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      Error Template: noConfig.jsp
      amAuth:10/15/2018 09:11:00:866 AM BST: Thread[http-nio-8080-exec-7,5,main]: TransactionId[5c779cd7-e91d-4bf1-ae23-547dbd9c0628-2322965]
      Error  :
      com.sun.identity.authentication.spi.AuthLoginException: No Configuration found|noConfig.jsp
          at com.sun.identity.authentication.service.AMLoginContext.processIndexType(AMLoginContext.java:1785)
          at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:367)
          at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:425)
          at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:350)
          at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:269)
          at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.login(AuthContextLocalWrapper.java:67)
          at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.startLoginProcess(LoginAuthenticator.java:152)
          at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.getLoginProcess(LoginAuthenticator.java:96)
          at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:212)
          at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:125)
          at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:171)
          at sun.reflect.GeneratedMethodAccessor76.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:483)
          at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:76)
          at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:64)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:59)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:139)
          at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
          at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:116)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
          at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
          at org.forgerock.caf.authentication.framework.AuthenticationFramework$$Lambda$321/1820174483.apply(Unknown Source)
          at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
          at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
          at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
          at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
          at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
          at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
          at org.forgerock.http.routing.Router.handle(Router.java:100)
          at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:62)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
          at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
          at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:258)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:65)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
          at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
          at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
          at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
          at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
          at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
          at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
          at java.lang.Thread.run(Thread.java:745)
      Caused by: com.sun.identity.authentication.service.AuthException: No Configuration found|noConfig.jsp
          at com.sun.identity.authentication.service.AMLoginContext.processCompositeAdvice(AMLoginContext.java:1324)
          at com.sun.identity.authentication.service.AMLoginContext.processIndexType(AMLoginContext.java:1772)
          ... 92 more
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lubomir.mlich Ľubomír Mlích
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated: