OPENAM-13974

Push authentication: when the push endpoint is hit with "_action=skip", device registration is forced for the user

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.0
    • Component/s: None

      Description

      Bug description

      When the push endpoint is hit with "_action=skip", device registration is forced for the user, even though the device registration flow is not forced in the authentication settings.
      When the user authenticates to the push chain with Data Store, the screen shows two options, Register device and Get the app, and no Skip button is present. After clicking Get the app the user can see a Skip button, but pressing it results in a 500 Internal Server Error ("Authentication Error"). The flow is illustrated in the attached screenshots 1.png -> 2.png -> 3.png -> 4.png.

      How to reproduce the issue

      Setup:

      1. As admin, add and configure the Push Notification service (you will need to obtain SNS credentials).
      2. Create a push registration module and a push module.
      3. Create a push registration chain with the following modules:
        DataStore: required
        Push registration: required
        Push: required
      4. Log out and authenticate to the push registration chain as a regular user.

      Test scenario:

      1. After authenticating with username and password to the data store, click the Skip button on the device registration screen to skip the registration step in further authentications.
        Check whether the user is no longer asked to register the device when authenticating again. If not, proceed with the following steps:
      2. Authenticate over REST as the user who skipped the two-factor authentication:
        curl -X POST -H "X-OpenAM-Username: demo" -H "X-OpenAM-Password: changeit" -H "Content-Type: application/json" --header "Accept-API-Version: resource=2.0, protocol=1.0" http://joanna.example.com:8080/openam/json/realms/root/authenticate -v

        Take the token from the response and use it in the next requests ( -H "iPlanetDirectoryPro: user_token" ).
        Check whether the two-factor step is skipped using the check action:

        curl -X POST -H "iPlanetDirectoryPro: wAQWGDUBUZYUVcyCfim6dBveB2g.*AAJTSQACMDEAAlNLABxOektCRTlSWE01WmJOYkRveThrRURZQXgxQzg9AAR0eXBlAANDVFMAAlMxAAA.*" "http://joanna.example.com:8080/openam/json/users/demo/devices/2fa/push?_action=check" --header "Accept-API-Version: resource=1.0, protocol=1.0" -v

        If it is skipped, the expected response is:

        {"result":true}

        Use the reset action to reset the user's settings:

        curl -X POST -H "iPlanetDirectoryPro: wAQWGDUBUZYUVcyCfim6dBveB2g.*AAJTSQACMDEAAlNLABxOektCRTlSWE01WmJOYkRveThrRURZQXgxQzg9AAR0eXBlAANDVFMAAlMxAAA.*" "http://joanna.example.com:8080/openam/json/users/demo/devices/2fa/push?_action=reset" --header "Accept-API-Version: resource=1.0, protocol=1.0" -v

        Use the "check" action to verify if the skip setting was reset.
        The response should be:

        {"result":false}

        Now authenticate to the push registration chain again as the user in the XUI and skip the two-factor authentication again.
        Then call the skip action with a value of "false" to see whether the skip setting is reset to false:

        curl -X POST -H "Content-Type: application/json" -H "iPlanetDirectoryPro: wAQWGDUBUZYUVcyCfim6dBveB2g.*AAJTSQACMDEAAlNLABxOektCRTlSWE01WmJOYkRveThrRURZQXgxQzg9AAR0eXBlAANDVFMAAlMxAAA.*" "http://joanna.example.com:8080/openam/json/users/demo/devices/2fa/push?_action=skip" -d '{"value":false}' --header "Accept-API-Version: resource=1.0, protocol=1.0" -v

        Use the "check" action to verify if the skip setting was reset.
        The response should be:

        {"result":false}
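
        The check / reset / skip sequence above, as an added Python example (not part of the original report, and not OpenAM's own code). The endpoint path, the `_action` values, the `iPlanetDirectoryPro` header and the `Accept-API-Version` header are taken from the curl commands in the report; the host, user name, session token and the in-memory fake server are constructed placeholders so the script runs offline. Only the check responses `{"result":true}` / `{"result":false}` come from the report; the bodies the fake returns for reset and skip are assumed.

```python
import json
import urllib.request
from typing import Callable, Optional, Tuple

# Header names and the API version string are those used in the report's curl commands.
DEVICES_API_VERSION = "resource=1.0, protocol=1.0"
SESSION_HEADER = "iPlanetDirectoryPro"

# A transport takes (url, headers, body) and returns (http_status, response_text).
PostFn = Callable[[str, dict, Optional[str]], Tuple[int, str]]


def _urllib_post(url: str, headers: dict, body: Optional[str]) -> Tuple[int, str]:
    """Real transport: POST to the AM REST endpoint and return (status, body)."""
    data = body.encode() if body is not None else b""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


def push_2fa_action(base_url: str, token: str, user: str, action: str,
                    value: Optional[bool] = None, post: PostFn = _urllib_post) -> dict:
    """POST /json/users/{user}/devices/2fa/push?_action={check|reset|skip}.

    As in the report, `skip` carries {"value": <bool>} in the body; the other
    actions send no body. Returns the parsed JSON response.
    """
    if action not in ("check", "reset", "skip"):
        raise ValueError(f"unsupported _action: {action}")
    headers = {
        SESSION_HEADER: token,
        "Accept-API-Version": DEVICES_API_VERSION,
        "Content-Type": "application/json",
    }
    body = json.dumps({"value": bool(value)}) if action == "skip" else None
    url = f"{base_url}/json/users/{user}/devices/2fa/push?_action={action}"
    status, text = post(url, headers, body)
    if status != 200:
        raise RuntimeError(f"{action} failed with HTTP {status}: {text}")
    return json.loads(text)


def skip_is_set(base_url: str, token: str, user: str, post: PostFn = _urllib_post) -> bool:
    """True when the user's push 2FA step is currently skipped, i.e. check returns {"result":true}."""
    return push_2fa_action(base_url, token, user, "check", post=post)["result"] is True


def reset_and_verify(base_url: str, token: str, user: str, post: PostFn = _urllib_post) -> bool:
    """The report's sequence: reset the skip setting, then confirm check reports false."""
    push_2fa_action(base_url, token, user, "reset", post=post)
    return not skip_is_set(base_url, token, user, post=post)


def make_fake_server(initial_skip: bool, valid_token: str) -> PostFn:
    """Constructed offline stand-in for the endpoint, holding one user's skip flag in memory.

    It reproduces the observable check responses from the report; the reset and
    skip response bodies are assumed, and a wrong session token yields 401.
    """
    state = {"skip": initial_skip}

    def post(url: str, headers: dict, body: Optional[str]) -> Tuple[int, str]:
        if headers.get(SESSION_HEADER) != valid_token:
            return 401, json.dumps({"code": 401, "message": "Unauthorized"})
        action = url.rsplit("_action=", 1)[-1]
        if action == "check":
            return 200, json.dumps({"result": state["skip"]})
        if action == "reset":
            state["skip"] = False
            return 200, json.dumps({"result": True})
        if action == "skip":
            state["skip"] = bool(json.loads(body or "{}").get("value", False))
            return 200, json.dumps({"result": True})
        return 400, json.dumps({"code": 400, "message": "Bad Request"})

    return post


if __name__ == "__main__":
    # Placeholder host, token and user; swap in a real deployment and drop post=fake.
    base, tok, user = "http://openam.example.com:8080/openam", "placeholder-token", "demo"
    fake = make_fake_server(initial_skip=True, valid_token=tok)
    print("skip set before reset:", skip_is_set(base, tok, user, post=fake))
    print("reset verified:", reset_and_verify(base, tok, user, post=fake))
    push_2fa_action(base, tok, user, "skip", value=True, post=fake)
    print("skip set after skip=true:", skip_is_set(base, tok, user, post=fake))
```

        Against a real deployment the same functions are called with the default transport; the fake exists only so the state transitions the report walks through (skipped, reset, skipped again, skip set back to false) can be exercised without a server.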

      Expected behaviour

      When the user authenticates to the push chain in a browser, they are asked to register the device; the Skip button is present on the device registration screen and can be pressed to skip device registration and log in to AM.

      Current behaviour

      When the user authenticates to the push chain in a browser, they are asked to register the device but no Skip button is present on the screen. If the user presses Get the app, they are redirected to the Get the app screen, where a Skip button is present; pressing it results in the Authentication Error.


        Attachments

        1. 1.png (220 kB)
        2. 2.png (226 kB)
        3. 3.png (246 kB)
        4. 4.png (202 kB)

              People

              • Assignee: David Luna (david.luna@forgerock.com)
              • Reporter: Joanna Wasilewska (joanna.wasilewska) [X] (Inactive)
