  1. OpenAM
  2. OPENAM-13861

Social Authentication Tree does not complete its flow with ForceAuth parameter

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0.4
    • Fix Version/s: 6.5.1, 14.1.2, 6.0.1, 7.0.0, 5.5.2
    • Component/s: None
    • Labels:
    • Sprint:
      AM Sustaining Sprint 57, AM Sustaining Sprint 58, AM Sustaining Sprint 59
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      Social Authentication Tree does not work with ForceAuth parameter.

      How to reproduce the issue

      1. Log in to the admin console
      2. Select realm -> [Authentication] -> [Trees] -> click [+ Create Tree] button
      3. Type in "Tree Name: SocialGoogleTree" and click [Create]
      4. On the "Authentication - Tree" editor screen, select "Social Google", "Polling Wait Node", "Social Ignore Profile" and "Success" nodes from the Components list.

      • Select "Social Google" node and type in "Client ID" and "Client Secret" input field
      • Select "Social Google" node and add "?prompt=consent" to "Authentication Endpoint URL" value
        i.e. https://accounts.google.com/o/oauth2/v2/auth?prompt=consent
      • Select "Polling Wait Node" and enable "Exitable" toggle button
        Please refer to the attached img1.png for how each component should be connected.
        NOTE: "Polling Wait Node" is added just to demonstrate how this node is not triggered during "forceAuth=true"

      4-workaround. Until OPENAM-13908 is fixed, use this step if a local profile doesn't exist.
      On the "Authentication - Tree" editor screen, select "Social Google", "Polling Wait Node", "Anonymous User Mapping" and "Success" nodes from the Components list.

      • Select "Social Google" node and type in "Client ID" and "Client Secret" input field
      • Select "Social Google" node and add "?prompt=consent" to "Authentication Endpoint URL" value
        i.e. https://accounts.google.com/o/oauth2/v2/auth?prompt=consent
      • Select "Polling Wait Node" and enable "Exitable" toggle button

      5. Log out of the admin console
      6. Enter the URL to trigger SocialGoogleTree: http://am.example.com:8080/openam/XUI/#login/&service=SocialGoogleTree
      7. You will see the user profile page after the "Waiting for response ..." polling screen is displayed for the configured number of seconds (default is 8 seconds).
      8. Now while you are still logged in from step 6, trigger the same authentication tree again. This time with ForceAuth=true parameter:
      http://am.example.com:8080/openam/XUI/#login/&service=SocialGoogleTree&ForceAuth=true
      8-repro. Notice you will not see "Waiting for response ..." polling screen

      NOTE: When you fail to authenticate, the auth process halts/hangs, as explained in OPENAM-13908. This halt/hang is not related to OPENAM-13861.

      Expected behaviour
      During the second authentication with ForceAuth, you should see the polling state again after Google authentication.
      Current behaviour
      Directs to the user profile page.
      

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                wanning.tan WanNing Tan
              • Votes: 0
              • Watchers: 6
