OpenAM / OPENAM-14837

Trusted Issuer lookup does not pick up modified issuer values

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: oauth2
    • Sprint: AM 2019.7 - Lighthouse

      Description

      Bug description

      There is a rather complex implementation for trusted JWT issuer lookup, which includes caching as well. The cache implementation is based on the search filter, so it is possible to trigger a search, then modify the underlying configuration so that the issuer values no longer match, and the search results will still be returned.

      How to reproduce the issue

      • Create a trusted issuer with issuer value "foo"
      • Send in a bearer JWT with foo issuer
      • Change the issuer value for the trusted JWT issuer in the configuration
      • Send in a bearer JWT with foo issuer
      • The request will succeed

      Expected behaviour

      The request fails and configuration changes are picked up immediately.

      Current behaviour

      The request succeeds, even though the issuer value no longer matches.
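
The reproduction steps above, replayed against a simplified model of a cache keyed on the search filter. This is an added example, not OpenAM code: the class names, the entry name "issuer-1", the new issuer value "bar" and the invalidate-on-change variant are assumptions made for illustration.

```python
# Simplified model (constructed for illustration; not OpenAM code).

class ConfigStore:
    """Stands in for the trusted-issuer configuration store."""
    def __init__(self):
        self.agents = {}      # entry name -> configured issuer value
        self.listeners = []   # callbacks fired on every configuration change

    def set_issuer(self, name, issuer):
        self.agents[name] = issuer
        for notify in self.listeners:
            notify()

    def search(self, search_filter):
        # A filter in this model is just ("issuer", value).
        _, wanted = search_filter
        return [n for n, iss in self.agents.items() if iss == wanted]


class FilterKeyedCache:
    """Caches results per search filter and never invalidates them,
    which is the behaviour the report describes."""
    def __init__(self, store):
        self.store = store
        self.cache = {}

    def lookup(self, issuer):
        key = ("issuer", issuer)
        if key not in self.cache:
            self.cache[key] = self.store.search(key)
        return self.cache[key]


class InvalidatingCache(FilterKeyedCache):
    """Same cache, but emptied whenever the configuration changes
    (one possible mitigation, assumed here)."""
    def __init__(self, store):
        super().__init__(store)
        store.listeners.append(self.cache.clear)


def replay_report(cache_cls):
    """Runs the reproduction steps; returns (accepted before, accepted after)."""
    store = ConfigStore()
    cache = cache_cls(store)
    store.set_issuer("issuer-1", "foo")    # create trusted issuer "foo"
    before = bool(cache.lookup("foo"))     # first JWT with issuer foo
    store.set_issuer("issuer-1", "bar")    # change the configured issuer value
    after = bool(cache.lookup("foo"))      # second JWT with issuer foo
    return before, after
```

`replay_report(FilterKeyedCache)` accepts the second token because the stale entry for the "foo" filter is served from the cache; `replay_report(InvalidatingCache)` rejects it.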


            People

            • Assignee: Unassigned
            • Reporter: Peter Major