  1. OpenAM
  2. OPENAM-14737

OAuth2 client id instead of display name in dynamically registered client consent page

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: oauth2

      Description

      Bug description

      The ID of a dynamically registered OAuth2 client is displayed instead of its display name.

      How to reproduce the issue

      1. Configure the OAuth2 service
      2. Enable dynamic client registration
      3. Create one OAuth2 client dynamically and one in the AM UI
      4. Log in to AM and copy the iPDP cookie value
      5. Make the request from the CLI and check for displayName

      Expected behaviour

      With a client created in the AM admin UI, displayName is there:

      http -v --follow "http://amqa-clone70.test.forgerock.com:8080/openam/oauth2/authorize?response_type=code&client_id=<ui_registered_client_id>&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile" "Cookie: iPlanetDirectoryPro=<iPDP cookie value>"
      GET /openam/oauth2/authorize?response_type=code&client_id=MyClientID&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Connection: keep-alive
      Cookie:  iPlanetDirectoryPro=q-fj7ddbqwGJ5Akirw4i7mo42Q0.*AAJTSQACMDEAAlNLABxwU21pRUVuT3ZmV0VjdWJoK04wZ3ZMTVVtL0U9AAR0eXBlAANDVFMAAlMxAAA.*
      Host: amqa-clone70.test.forgerock.com:8080
      User-Agent: HTTPie/0.9.2

      HTTP/1.1 200
      Cache-Control: no-store
      Content-Length: 2932
      Content-Type: text/html;charset=utf-8
      Date: Fri, 05 Apr 2019 12:23:58 GMT
      Pragma: no-cache
      X-Frame-Options: SAMEORIGIN

      <!DOCTYPE html>
      <!--
        ~ DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
        ~
        ~ Copyright 2012-2018 ForgeRock AS.
        ~
        ~ The contents of this file are subject to the terms
        ~ of the Common Development and Distribution License
        ~ (the License). You may not use this file except in
        ~ compliance with the License.
        ~
        ~ You can obtain a copy of the License at
        ~ http://forgerock.org/license/CDDLv1.0.html
        ~ See the License for the specific language governing
        ~ permission and limitations under the License.
        ~
        ~ When distributing Covered Code, include this CDDL
        ~ Header Notice in each file and include the License file
        ~ at http://forgerock.org/license/CDDLv1.0.html
        ~ If applicable, add the following below the CDDL Header,
        ~ with the fields enclosed by brackets [] replaced by
        ~ your own identifying information:
        ~ "Portions Copyrighted [year] [name of copyright owner]"
        ~
        ~ Portions Copyrighted 2014 Nomura Research Institute, Ltd
        -->
      <html lang="en">
          <head>
              <meta charset="utf-8">
              <meta http-equiv="X-UA-Compatible" content="IE=edge">
              <meta name="viewport" content="width=device-width, initial-scale=1">
              <meta name="description" content="OAuth2 Authorization">
              <title>OAuth2 Authorization Server</title>
          </head>
          <body style="display:none">
              <div id="wrapper">Loading...</div>
              <footer id="footer" class="footer"></footer>
              <script type="text/javascript">
                  pageData = {
                      
                      
                      serverLang: "en-US",
                      baseUrl : "http://amqa-clone70.test.forgerock.com:8080/openam/XUI/",
                      oauth2Data: {
                          redirectUri: "http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html",
                          scope: "openid profile",
                          
                          
                          acr: "0",
                          csrf: "q-fj7ddbqwGJ5Akirw4i7mo42Q0.*AAJTSQACMDEAAlNLABxwU21pRUVuT3ZmV0VjdWJoK04wZ3ZMTVVtL0U9AAR0eXBlAANDVFMAAlMxAAA.*",
                          displayDescription: "",
                          responseType: "code",
                          clientId: "MyClientID",
                          
                          
                          
                          formTarget: "\/openam/oauth2/authorize?response_type=code&client_id=MyClientID&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile",
                          displayName: "MyClientID",
                          userName: "demo",
                          
                          
                          
                          displayScopes: [ { "name": "Your personal information", "values": { "Family name": "demo", "Full name": "demo" } } ],
                          displayClaims: [  ]
                      }
                  };
              </script>
              <script src="http://amqa-clone70.test.forgerock.com:8080/openam/XUI/main-authorize.js"></script>
          </body>
      </html>
      
      
      Current behaviour

      The dynamically created client shows its ID instead of displayName - we did not succeed in reproducing this in the GUI, only in the CLI.

      Command used to register client:

      $ curl  --request POST  --header "Content-Type: application/json"  --data '{
       "redirect_uris": ["http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html"],
       "client_name": "My Client",
       "client_uri": "http://amqa-clone70.test.forgerock.com:8080/openid"
       }' http://amqa-clone70.test.forgerock.com:8080/openam/oauth2/register
      

      Command used to make the request:

      http -v --follow "http://amqa-clone70.test.forgerock.com:8080/openam/oauth2/authorize?response_type=code&client_id=<registered_client_id>&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile"  "Cookie: iPlanetDirectoryPro=<iPDP cookie value>"
      GET /openam/oauth2/authorize?response_type=code&client_id=46367b22-c389-48a2-a17f-e5d569112457&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Connection: keep-alive
      Cookie:  iPlanetDirectoryPro=q-fj7ddbqwGJ5Akirw4i7mo42Q0.*AAJTSQACMDEAAlNLABxwU21pRUVuT3ZmV0VjdWJoK04wZ3ZMTVVtL0U9AAR0eXBlAANDVFMAAlMxAAA.*
      Host: amqa-clone70.test.forgerock.com:8080
      User-Agent: HTTPie/0.9.2

      HTTP/1.1 200
      Cache-Control: no-store
      Content-Length: 3010
      Content-Type: text/html;charset=utf-8
      Date: Fri, 05 Apr 2019 12:24:06 GMT
      Pragma: no-cache
      X-Frame-Options: SAMEORIGIN

      <!DOCTYPE html>
      <!--
        ~ DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
        ~
        ~ Copyright 2012-2018 ForgeRock AS.
        ~
        ~ The contents of this file are subject to the terms
        ~ of the Common Development and Distribution License
        ~ (the License). You may not use this file except in
        ~ compliance with the License.
        ~
        ~ You can obtain a copy of the License at
        ~ http://forgerock.org/license/CDDLv1.0.html
        ~ See the License for the specific language governing
        ~ permission and limitations under the License.
        ~
        ~ When distributing Covered Code, include this CDDL
        ~ Header Notice in each file and include the License file
        ~ at http://forgerock.org/license/CDDLv1.0.html
        ~ If applicable, add the following below the CDDL Header,
        ~ with the fields enclosed by brackets [] replaced by
        ~ your own identifying information:
        ~ "Portions Copyrighted [year] [name of copyright owner]"
        ~
        ~ Portions Copyrighted 2014 Nomura Research Institute, Ltd
        -->
      <html lang="en">
          <head>
              <meta charset="utf-8">
              <meta http-equiv="X-UA-Compatible" content="IE=edge">
              <meta name="viewport" content="width=device-width, initial-scale=1">
              <meta name="description" content="OAuth2 Authorization">
              <title>OAuth2 Authorization Server</title>
          </head>
          <body style="display:none">
              <div id="wrapper">Loading...</div>
              <footer id="footer" class="footer"></footer>
              <script type="text/javascript">
                  pageData = {
                      
                      
                      serverLang: "en-US",
                      baseUrl : "http://amqa-clone70.test.forgerock.com:8080/openam/XUI/",
                      oauth2Data: {
                          redirectUri: "http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html",
                          scope: "openid profile",
                          
                          
                          acr: "0",
                          csrf: "q-fj7ddbqwGJ5Akirw4i7mo42Q0.*AAJTSQACMDEAAlNLABxwU21pRUVuT3ZmV0VjdWJoK04wZ3ZMTVVtL0U9AAR0eXBlAANDVFMAAlMxAAA.*",
                          displayDescription: "",
                          responseType: "code",
                          clientId: "46367b22-c389-48a2-a17f-e5d569112457",
                          
                          
                          
                          formTarget: "\/openam/oauth2/authorize?response_type=code&client_id=46367b22-c389-48a2-a17f-e5d569112457&redirect_uri=http://amqa-clone70.test.forgerock.com:8080/openid/cb-basic.html&scope=openid%20profile",
                          displayName: "46367b22-c389-48a2-a17f-e5d569112457",
                          userName: "demo",
                          
                          
                          
                          displayScopes: [ { "name": "Your personal information", "values": { "Family name": "demo", "Full name": "demo" } } ],
                          displayClaims: [  ]
                      }
                  };
              </script>
              <script src="http://amqa-clone70.test.forgerock.com:8080/openam/XUI/main-authorize.js"></script>
          </body>
      </html>
      
      

      Code analysis

      According to Jan Hajovsky, IG tests display this failure following commit https://stash.forgerock.org/projects/OPENAM/repos/openam/commits/be5c9305f84f7b4ca18cdd9d44a7351c3993a76c by James Phillpotts.
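
A regression check for the behaviour described above, added here as an example (it is not OpenAM or ForgeRock code): it parses the `pageData` block of the consent page and compares `displayName` with the `client_name` sent at registration. The sample page is constructed from the response quoted in this issue, and the function names are hypothetical.

```python
import re

# Constructed sample: the oauth2Data fragment of a consent page, shaped like
# the responses quoted in this issue (unquoted keys, so it is not valid JSON).
SAMPLE_CONSENT_PAGE = r'''
<script type="text/javascript">
    pageData = {
        serverLang: "en-US",
        oauth2Data: {
            scope: "openid profile",
            clientId: "46367b22-c389-48a2-a17f-e5d569112457",
            formTarget: "\/openam/oauth2/authorize?response_type=code",
            displayName: "46367b22-c389-48a2-a17f-e5d569112457",
            userName: "demo",
        }
    };
</script>
'''

# Matches one   key: "value"   line inside the pageData object literal.
_FIELD = re.compile(r'^\s*(\w+)\s*:\s*"((?:[^"\\]|\\.)*)"\s*,?\s*$', re.MULTILINE)


def consent_fields(html):
    """Return the string-valued fields of the consent page's pageData block."""
    match = re.search(r'pageData\s*=\s*\{(.*?)\};', html, re.DOTALL)
    if match is None:
        raise ValueError("no pageData block: not a consent page?")
    return dict(_FIELD.findall(match.group(1)))


def check_display_name(html, registered_name):
    """Compare the name shown to the user with the registered client_name."""
    fields = consent_fields(html)
    shown = fields.get("displayName", "")
    if shown == registered_name:
        return "ok"
    # The failure in this issue: the consent page falls back to the client id.
    if shown == fields.get("clientId"):
        return "client_id shown instead of client_name"
    return "unexpected displayName"


if __name__ == "__main__":
    print(check_display_name(SAMPLE_CONSENT_PAGE, "My Client"))
```

The comparison is against the registered `client_name` rather than a plain `displayName == clientId` test, because a client created in the admin UI can legitimately have a display name equal to its id, as in the expected-behaviour response above.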

            People

            • Assignee: peter.major Peter Major [X] (Inactive)
            • Reporter: lubomir.mlich Ľubomír Mlích