  1. OpenAM
  2. OPENAM-14217

getSessionInfo resource 2.1 fails with Internal Server Error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: rest, session
    • Sprint:
      2019.4 - Coins

      Description

      Bug description

      Performing a curl-based command against the getSessionInfo endpoint, v2.1 resource, results in an error 500 response, Internal Server Error.

      How to reproduce the issue

      1. Deploy AM 7.0.0 snapshot, e.g. url https://openam.amtest2.com:8443/access, cookie domain amtest2.com, embedded config and user store, single server deployment.
      2. Perform a curl based authentication command, e.g.:

         curl -X POST -k \
           -H 'Content-type: application/octet-stream' \
           -H 'X-OpenAM-username: demo' \
           -H 'X-OpenAM-Password: changeit' \
           --header 'Accept-API-Version: protocol=1.0,resource=2.0' \
           'https://openam.amtest2.com:8443/access/json/authenticate'

      3. Perform a getSessionInfo, e.g.:

         curl -k -X POST \
           --header 'Content-Type: application/json' \
           --header 'Accept: application/json' \
           --header 'Accept-API-Version: resource=2.1' \
           'https://openam.amtest2.com:8443/access/json/sessions?tokenId=<token>&_action=getSessionInfo'

      Expected behaviour

      See a valid response, e.g.:

      {"username":"demo","universalId":"id=demo,ou=user,dc=openam,dc=forgerock,dc=org","realm":"/","latestAccessTime":"2019-01-09T17:25:26Z","maxIdleExpirationTime":"2019-01-09T17:55:26Z","maxSessionExpirationTime":"2019-01-09T19:25:25Z","properties":{"AMCtxId":"f2bdc4e7-bda6-456b-9c3a-141d2637c6b4-12857"}}

      Current behaviour

      See the following response:

      {"code":500,"reason":"Internal Server Error","message":"Caught exception while getting session info"}

      Work around

      Perform request using API explorer. This works in browser. But note that using the curl command given as an example in the API explorer also results in error 500.

      Curl request works successfully in AM 6.5.0.

      Code analysis

      AbstractSessionPropertiesActionHandler.getSessionProperties
      
      ...
      final SSOToken callerToken = context.asContext(SSOTokenContext.class).getCallerSSOToken();
      ...
      
      The above line results in a callerToken of null.

            People

            • Assignee: Unassigned
            • Reporter: Lawrence Yarham (lawrence.yarham)