  1. OpenAM
  2. OPENAM-14214

Social auth modules do not work in a sub-realm

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 6.5.0, 7.0.0
    • Fix Version/s: None
    • Component/s: authentication
    • Needs QA verification:
      Yes
    • Functional tests:
      No

      Description

      Bug description

      The social auth/oauth modules (not tree nodes) appear not to work in a sub-realm since the fix for OPENAM-9257.

      How to reproduce the issue

      1. Configure a social auth module (e.g. Google via the wizard) in a sub-realm
      2. Try to log in with it

      Expected behaviour

      Login succeeds.

      Current behaviour

      Login fails with "Request not valid !"

      Work around

      Use the social auth tree nodes instead.

      Code analysis

      org.forgerock.openam.authentication.modules.oauth2.OAuthProxy
      if (hasReservedParameters(req)) {
          OAuthUtil.debugError("OAuthProxy.toPostForm: Request has reserved parameters in the query string. " +
                  "Parameters: " + req.getParameterMap().keySet());
          out.println(getError("Request not valid !"));
          return;
      }

      The hasReservedParameters method checks to make sure that the URL after the redirect doesn't contain various special parameters, including the "realm" parameter. When running in a sub-realm, this URL will always contain a "realm" parameter unless you have a DNS alias configured for the realm. 

            People

            Assignee:
            gabor.melkvi Gabor Melkvi
            Reporter:
            neil.madden Neil Madden
            Votes:
            0
            Watchers:
            7
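
The check described under "Code analysis", as an added example that is not part of the original issue or OpenAM's own code: a stand-alone re-creation of a reserved-parameter test, run against two constructed redirect URLs, one addressing the sub-realm by parameter and one by DNS alias. Only the "realm" name comes from the issue; the other reserved names, host names and paths are hypothetical placeholders.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ReservedParamCheckDemo {
    // Only "realm" is named in the issue; the other entries are hypothetical placeholders.
    static final Set<String> RESERVED = Set.of("realm", "placeholder_reserved_1", "placeholder_reserved_2");

    // Collect decoded query parameter names, as a servlet container does before
    // HttpServletRequest.getParameterMap() returns them.
    static Set<String> parameterNames(URI uri) {
        Set<String> names = new LinkedHashSet<>();
        String query = uri.getRawQuery();
        if (query == null) {
            return names;
        }
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int eq = pair.indexOf('=');
            String rawName = eq < 0 ? pair : pair.substring(0, eq);
            names.add(URLDecoder.decode(rawName, StandardCharsets.UTF_8));
        }
        return names;
    }

    // Hypothetical re-creation of the check: true if any reserved name is present.
    static boolean hasReservedParameters(URI uri) {
        Set<String> present = parameterNames(uri);
        present.retainAll(RESERVED);
        return !present.isEmpty();
    }

    public static void main(String[] args) {
        // Constructed URLs: the first addresses the sub-realm by parameter, the second by DNS alias.
        List<URI> redirects = List.of(
            URI.create("https://sso.example.com/openam/proxy-placeholder?realm=%2Fcustomers&code=c0de&state=s1"),
            URI.create("https://customers.example.com/openam/proxy-placeholder?code=c0de&state=s1"));
        for (URI uri : redirects) {
            System.out.println((hasReservedParameters(uri) ? "REJECT " : "ACCEPT ") + uri);
        }
    }
}
```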