Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14115

Sample Auth module does not work in a chain when used with Shared-state


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0,,,,
    • Fix Version/s: 6.5.1, 6.0.1, 5.5.2, 7.0.0
    • Component/s: samples
    • Labels:
    • Sprint:
      AM Sustaining Sprint 58
    • Story Points:
    • Needs backport:
    • Support Ticket IDs:
    • Needs QA verification:
    • Functional tests:
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description


      Bug description

      Putting the Sampleuth as the 2nd module in a chain and setting shared-state causes the authentication not to work
      and throws

      amAuth:12/12/2018 09:27:51:157 AM SGT: Thread[http-nio-8080-exec-4,5,main]: TransactionId[d00216fa-3ead-45e7-acfb-8dab6ad9eb82-4419]
      LOGINFAILED Error....
      amAuth:12/12/2018 09:27:51:157 AM SGT: Thread[http-nio-8080-exec-4,5,main]: TransactionId[d00216fa-3ead-45e7-acfb-8dab6ad9eb82-4419]
      Exception :
      com.sun.identity.authentication.spi.AuthLoginException: Invalid module state: 2
              at com.sun.identity.authentication.spi.AMLoginModule.substituteHeader(AMLoginModule.java:831)
              at org.forgerock.openam.examples.SampleAuth.substituteUIStrings(SampleAuth.java:165)
              at org.forgerock.openam.examples.SampleAuth.process(SampleAuth.java:109)
              at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1082)
              at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1208)

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Compile the AM sample custom auth module and deploy it and create user test1 too
      2. Create a new chain
      3. Add DataStore as first moddule (REQUIRED)
      4. Add Sample Auth module to 2nd module with the shared-stated behaviour enabled
      5. Try to access this chain
      Expected behaviour
      The chain works for testing the sample auth
      Current behaviour
      The chain fails even for normal demo user

      Work around

      The example needs to be update to be more correct and reflect how this may be used when Callbacks
      is replaced or used in a chain. Eg like in LDAP.java

      @@ -106,6 +106,8 @@ public class SampleAuth extends AMLoginModule {
                   case STATE_BEGIN:
                       // No time wasted here - simply modify the UI and
                       // proceed to next state
      +                setForceCallbacksRead(true);
      +                forceCallbacksInit();
                       return STATE_AUTH;

      The following may be needed when used in module that has shared state enabled
      to initialize the Callback list the first time. (or if any callback is changed).




            • Assignee:
              chee-weng.chea C-Weng C
              chee-weng.chea C-Weng C
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: