  1. OpenAM
  2. OPENAM-14492

accessing 'AM_DEPLOYMENT_URI/ui-admin' as regular user shows profile page

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: console, XUI
    • Labels:
    • Environment:
      Oracle JDK jdk1.8.0_201
      Apache Tomcat/9.0.8
      AM 7.0.0 (c36edcc20aab37e8bc86e092e0552951ba0cc6a5)
    • Target Version/s:
    • Sprint:
      2019.3 - Alphabet

      Description

      Bug description

      Accessing AM_DEPLOYMENT_URI/ui-admin as regular end user shows user's profile page

      How to reproduce the issue

      1. Configure AM using amster (e.g. install-openam --adminPwd SOME_PASSWORD --acceptLicense --cfgDir /var/AM-Deployments/amMaster --serverUrl http://amMaster.test.xyz:8080/am)
      2. Perform realm-based authentication (http://amMaster.test.xyz:8080/am/XUI/#login)
      3. Authenticate as user 'demo'
      4. Request AM_DEPLOYMENT_URI/ui-admin (http://amMaster.test.xyz:8080/am/ui-admin)

      Expected behaviour

      Page showing "Forbidden You are not authorized to view this page." should be shown.

      Current behaviour

      End user profile page is shown.

            People

            • Assignee:
              phil.ostler Phil Ostler [X] (Inactive)
              Reporter:
              bthalmayr Bernhard Thalmayr