  1. OpenAM
  2. OPENAM-14694

Consent page still shows claim values even when supported claim description is omitted

    Details

    • Sprint:
      AM Sustaining Sprint 61, AM Sustaining Sprint 62, AM Sustaining Sprint 63
    • Story Points:
      3
    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      In the documentation, it is mentioned that if the description of the supported claim has been omitted, it would not be displayed on the consent page for the scope. However, the supported claim is still displayed on the consent screen.

      How to reproduce the issue

      1. Configure OpenID Connect ([Realm] -> [Configure OAuth Provider] -> [Configure OpenID Connect])
      2. In OpenAM 13.0.0: Create an OAuth 2 agent called myClientID ([Realm] -> [Agents] -> [OAuth2.0/OpenID Connect Client])
        In AM 6.x: Create an OAuth 2 agent called myClientID ([Realm] -> [Applications] -> [OAuth2.0])
      3. Configure the following in myClientID agent configuration:
        [Core] tab --> Redirection URIs: http://www.google.com
        [Core] tab --> Scope(s): openid profile
        In AM 6.5.x: Allow implicit grant ([Realm] -> [Applications] -> [OAuth2.0] -> [OAuth2.0 Name] -> [Advanced])
      4. Configure the following in OAuth2Provider configuration ([Realm] -> [Services] -> [OAuth2 Provider]):
        [Advanced] tab -> Supported Scopes: profile| (remove description "Your personal information")
        [OpenID Connect] tab -> Supported Claims: name| (remove description "Full name") family_name| (remove description "Full name")
      5. Access the URL to get the access token:
        http://am.example.com:8080/openam/oauth2/authorize?client_id=myClientID&redirect_uri=http://www.google.com&response_type=id_token&scope=openid%20profile&nonce=1234
      6. Enter user credentials

      Expected behaviour

      Mentioned in (OpenAM 13, Reference & AM 6.5, OpenID Connect 1.0 Guide documentation) for Supported claims Attribute:
      If the description is also omitted, nothing is displayed on the consent page for the claim. For example specifying family_name| would allow the claim family_name to be used by the client, but would not display it to the user on the consent page when requested.

      Current behaviour

      The consent screen is showing the supported claims (img1).
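
The documented rule quoted under Expected behaviour can be written as a regression check for QA verification. The following Python is an added example, not part of the original report or of OpenAM's code; the function names, the treatment of entries without a pipe, the three-part locale form and the sample lists are assumptions.

```python
from typing import Iterable, List, NamedTuple, Optional


class SupportedClaim(NamedTuple):
    name: str
    locale: Optional[str]
    description: Optional[str]  # None means: do not show on the consent page


def parse_supported_claim(entry: str) -> SupportedClaim:
    """Parse 'name', 'name|', 'name|description' or 'name|locale|description'."""
    parts = [p.strip() for p in entry.split("|", 2)]
    if not parts[0]:
        raise ValueError(f"empty claim name in {entry!r}")
    if len(parts) == 1:
        # Assumption: an entry with no pipe is displayed under its own name.
        return SupportedClaim(parts[0], None, parts[0])
    if len(parts) == 2:
        return SupportedClaim(parts[0], None, parts[1] or None)
    # Assumption: the three-part form carries a locale in the middle field.
    return SupportedClaim(parts[0], parts[1] or None, parts[2] or None)


def consent_violations(entries: Iterable[str], displayed: Iterable[str]) -> List[str]:
    """Claims rendered on the consent page although no entry gives a description."""
    claims = [parse_supported_claim(e) for e in entries]
    configured = {c.name for c in claims}
    described = {c.name for c in claims if c.description}
    return sorted(set(displayed) & (configured - described))


# Supported Claims as set in step 4, plus one constructed entry that keeps its description.
SUPPORTED = ["name|", "family_name|", "given_name|Given name"]
# Constructed sample of claim names read from a rendered consent page.
DISPLAYED = ["name", "family_name", "given_name"]

if __name__ == "__main__":
    for claim in consent_violations(SUPPORTED, DISPLAYED):
        print(f"consent page shows {claim!r} but its description is omitted")
```

An empty result means the consent page matches the documented behaviour for the configured claims.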
      

        Attachments

        1. 6.5.1.png
          48 kB
          Ľubomír Mlích
        2. img1.png
          245 kB
          WanNing Tan

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                wanning.tan WanNing Tan