  1. OpenAM
  2. OPENAM-13796

PAP does not execute if set at a chain level

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not a defect
    • Affects Version/s: 6.0.0.4, 6.1.0
    • Fix Version/s: None
    • Component/s: session
    • Labels: None

      Description

      Bug description

      If a PAP is deployed and set at the Realm > Realm Name > Authentication > Chains > chain name > Settings level, it does not execute. However, if it is set at the Realm > Realm Name > Authentication > Settings > Post Authentication Processing > Authentication Post Processing Classes level, the PAP does successfully execute.

      How to reproduce the issue

      1. Deploy the attached openam-post-auth-sample-6.0.0.jar to WEB-LIB/lib of AM6 instance
      2. Log in to AM, and create a chain called chain1 containing DataStore as REQUIRED
      3. Go to Realm > Realm Name > Authentication > Chains > chain1 > Settings and add com.forgerock.openam.examples.SamplePAP to the Post Authentication Processing Class section.
      4. From within the realm add the Session Property Whitelist Service and add Property1, Property2, Property3 all the way up to Property9
      5. Restart AM
      Edit the attached authN_Get_Session_Props_AM10.sh script to reflect the target FQDN of AM
      6. Execute authN_Get_Session_Props_AM10.sh
      7. Within the debug directory there will be a timestamped Authentication file showing the failure scenario
      8. Now make the PAP work; add com.forgerock.openam.examples.SamplePAP to Realm > Realm Name > Authentication > Settings > Post Authentication Processing > Authentication Post Processing Classes
      9. Repeat steps 6 and 7

      Expected behaviour
      PAP executes when set at a chain level
      
      Current behaviour
      PAP does not execute:
      
      When PAP set at chain level:
      
      {
        "properties": {
          "Property5": "",
          "AuthLevel": "10",
          "Property6": "",
          "Property4": "",
          "Property3": "",
          "Property2": "",
          "Property1": "",
          "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1753",
          "Property9": "",
          "Property8": "",
          "Property7": ""
        },
        "maxSessionExpirationTime": "2018-10-17T14:31:38Z",
        "maxIdleExpirationTime": "2018-10-17T13:01:39Z",
        "latestAccessTime": "2018-10-17T12:31:39Z",
        "realm": "/",
        "universalId": "id=amadmin,ou=user,dc=cfgstore,dc=bbc,dc=co,dc=uk",
        "username": "amadmin"
      }
      
      When PAP set at realm level:
      {
        "properties": {
          "Property5": "vr34vcvrgt",
          "AuthLevel": "10",
          "Property6": "435lrjkn4kj5",
          "Property4": "454354gdf4",
          "Property3": "34kjnfkrfgf",
          "Property2": "345kjnfr4",
          "Property1": "",
          "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1823",
          "Property9": "",
          "Property8": "435ljnfr4",
          "Property7": "435jk4hnjf4"
        },
        "maxSessionExpirationTime": "2018-10-17T14:35:42Z",
        "maxIdleExpirationTime": "2018-10-17T13:05:43Z",
        "latestAccessTime": "2018-10-17T12:35:43Z",
        "realm": "/",
        "universalId": "id=amadmin,ou=user,dc=cfgstore,dc=bbc,dc=co,dc=uk",
        "username": "amadmin"
      }
      

      Work around

      None

      Code analysis

      Looks to be a regression of https://bugster.forgerock.org/jira/browse/OPENAM-9979 and has been noted as already not working for trees here https://bugster.forgerock.org/jira/browse/AME-15760

      org.forgerock.$className.java
      ...
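
      A check for steps 6 to 9, added here as an example (not part of the original report or of OpenAM): it compares the two session-info responses quoted above and decides whether the PAP ran by looking only at the whitelisted properties. The function names are hypothetical, and it assumes the sample PAP signals success by populating at least one whitelisted property.

```python
import json

# Constructed sample input: the "properties" objects from the two responses in the report.
CHAIN_LEVEL = json.loads("""{"properties": {
  "Property5": "", "AuthLevel": "10", "Property6": "", "Property4": "",
  "Property3": "", "Property2": "", "Property1": "",
  "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1753",
  "Property9": "", "Property8": "", "Property7": ""}}""")
REALM_LEVEL = json.loads("""{"properties": {
  "Property5": "vr34vcvrgt", "AuthLevel": "10", "Property6": "435lrjkn4kj5",
  "Property4": "454354gdf4", "Property3": "34kjnfkrfgf", "Property2": "345kjnfr4",
  "Property1": "",
  "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1823",
  "Property9": "", "Property8": "435ljnfr4", "Property7": "435jk4hnjf4"}}""")

# Names added to the Session Property Whitelist Service in step 4.
WHITELIST = [f"Property{i}" for i in range(1, 10)]


def populated(session_info, whitelist=WHITELIST):
    """Return the whitelisted session properties that carry a non-empty value.

    Built-in entries such as AuthLevel and AMCtxId are always set, so they are
    ignored by only looking at the whitelisted names.
    """
    props = session_info.get("properties") or {}
    return {name: props[name] for name in whitelist if props.get(name)}


def pap_ran(session_info, whitelist=WHITELIST):
    """Assumption: the PAP ran if it populated at least one whitelisted property.

    Requiring every property to be set would misreport the working realm-level
    run, where Property1 and Property9 are still empty.
    """
    return bool(populated(session_info, whitelist))


def only_in(working, failing, whitelist=WHITELIST):
    """Names populated in the working run but empty in the failing run, sorted."""
    return sorted(set(populated(working, whitelist)) - set(populated(failing, whitelist)))


if __name__ == "__main__":
    for label, info in (("chain level", CHAIN_LEVEL), ("realm level", REALM_LEVEL)):
        print(f"{label}: PAP ran={pap_ran(info)} populated={sorted(populated(info))}")
    print("populated only at realm level:", only_in(REALM_LEVEL, CHAIN_LEVEL))
```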
      

            People

            • Assignee: Unassigned
            • Reporter: shokard Darinder Shokar