OpenAM / OPENAM-13904

Authentication via REST API - Switching realms is not possible

    Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0
    • None
    • authentication, rest

      Description

      Bug description

      Using the REST API for authentication, it's not possible to change realms.

      How to reproduce the issue

      1. Create two realms, e.g. realmA & realmB
      2. Authenticate to realmA for example using Postman
        curl -X POST \
          'http://openam.test.com:18080/openam/json/authenticate?authIndexType=service&authIndexValue=ldapService&realm=realmA' \
          -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
          -H 'Cache-Control: no-cache' \
          -H 'Content-Type: application/json' \
          -H 'X-OpenAM-Password: changeit' \
          -H 'X-OpenAM-Username: demo'
        {
            "tokenId": "TzTd1g8GNvrJB57dMgt7t_5EPz0.*AAJTSQACMDEAAlNLABxBZXI5UGxRWG9idjREdnRzRU1DWktOSTJ3cGM9AAR0eXBlAANDVFMAAlMxAAA.*",
            "successUrl": "/openam/console",
            "realm": "/realma"
        }
        
      3. Don't delete cookies in Postman and authenticate to realmB
        curl -X POST \
          'http://openam.test.com:18080/openam/json/authenticate?authIndexType=service&authIndexValue=ldapService&realm=realmB' \
          -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
          -H 'Cache-Control: no-cache' \
          -H 'Content-Type: application/json' \
          -H 'X-OpenAM-Password: changeit' \
          -H 'X-OpenAM-Username: demo'
        {
            "code": 401,
            "reason": "Unauthorized",
            "message": "Session Upgrade failed because old session is from a different realm"
        }

      Expected behaviour

      A callback so the user can decide if he wants to switch realms and log out from realmA

      Current behaviour

      Failing with 401, "Session Upgrade failed because old session is from a different realm"

      Work around

      Manually log out from realmA before logging in to realmB

              People

              Unassigned Unassigned
              anastasios.kampas Anastasios Kampas
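
The workaround from the description, scripted as an added example; it is not part of the original report or of OpenAM's own code. It assumes the default iPlanetDirectoryPro session cookie/header name and the /json/sessions/?_action=logout endpoint with API version 3.1, none of which appear in the report; the authenticate URL and the 401 message are taken from the reproduction steps.

```sh
# Added example: log the old session out when the cross-realm 401 appears, then retry.
# Assumed (not in the report): iPlanetDirectoryPro name, logout endpoint and its API version.
AM_URL="${AM_URL:-http://openam.test.com:18080/openam}"  # base URL used in the report
CROSS_REALM_MSG='Session Upgrade failed because old session is from a different realm'

# Print the tokenId from an authenticate response; fail if there is none.
token_id() {
  local t
  t=$(printf '%s' "$1" | tr -d '\n' |
      sed -n 's/.*"tokenId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$t" ] && printf '%s\n' "$t"
}

# Succeed only for the 401 body shown in step 3 of the report.
is_cross_realm_conflict() {
  printf '%s' "$1" | tr -d '[:space:]' | grep -q '"code":401' &&
    printf '%s' "$1" | grep -qF "$CROSS_REALM_MSG"
}

# POST /json/authenticate; an optional 4th argument is an existing token sent
# as the session cookie, which is what Postman does when cookies are kept.
authenticate() {  # realm user password [old_token]
  local realm="$1" user="$2" pass="$3" old="${4:-}"
  set -- -s -X POST \
    "$AM_URL/json/authenticate?authIndexType=service&authIndexValue=ldapService&realm=$realm" \
    -H 'Accept-API-Version: resource=2.0, protocol=1.0' \
    -H 'Content-Type: application/json' \
    -H "X-OpenAM-Username: $user" -H "X-OpenAM-Password: $pass"
  if [ -n "$old" ]; then set -- "$@" -H "Cookie: iPlanetDirectoryPro=$old"; fi
  curl "$@"
}

# End the session identified by the token (assumed endpoint and API version).
logout() {  # token
  curl -s -X POST "$AM_URL/json/sessions/?_action=logout" \
    -H 'Accept-API-Version: resource=3.1, protocol=1.0' \
    -H 'Content-Type: application/json' -H "iPlanetDirectoryPro: $1"
}

# Authenticate to a realm; on the cross-realm 401, log the old session out and
# retry once without the cookie. Prints the new tokenId.
login_switching_realm() {  # realm user password old_token
  local body
  body=$(authenticate "$1" "$2" "$3" "$4")
  if is_cross_realm_conflict "$body"; then
    logout "$4" >/dev/null
    body=$(authenticate "$1" "$2" "$3")
  fi
  token_id "$body"
}
```

Usage: new_token=$(login_switching_realm realmB demo changeit "$old_token"). Logging out explicitly invalidates the realmA session on the server instead of leaving it live until timeout.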