- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 6.5.0, 7.0.0
- Component/s: authentication, oauth2, OpenID Connect
Bug description
When AM is installed into the root context, the social auth modules (not tree nodes) do not work.
How to reproduce the issue
- Install AM into the root context of your container
- Configure a social auth module - e.g. by running the Google wizard in the root realm
- Try to log in using that newly created auth chain
Expected behaviour
You should be able to log in.
Current behaviour
After the redirect from Google, the request fails with "Request not valid !".
Workaround
Adding a dummy parameter a=b to the authentication request seems to let it get a bit further (but it still fails for me, still investigating why).
Code analysis
org.forgerock.openam.authentication.modules.social.AbstractSocialAuthLoginModule#addDomainCookiesToResponse calls down to org.forgerock.openam.authentication.modules.oauth2.OAuthUtil#getOriginalUrl to get the original URL to set as the "ORIG_URL" cookie before redirecting to Google. When AM is installed in the root context, this method returns an empty string.
After the redirect back from Google, we end up in org.forgerock.openam.authentication.modules.oauth2.OAuthProxy#continueAuthentication which fails because the ORIG_URL cookie value is empty.