OpenAM / OPENAM-14873

OIDC - Issuer format in the JWT is not consistent depending on how the realm is formed in the request

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.5.0, 6.5.0.1, 6.5.1
    • Fix Version/s: None
    • Component/s: oauth2, OpenID Connect
      AM Sustaining Sprint 64, AM Sustaining Sprint 65

      Description

      Bug description

      Depending on the access token request for the same realm, the issuer is returned in a different way.

      How to reproduce the issue

      For the realm sub/subsub, send the following requests:
      First with realm path in the URL:

      curl -X POST \
        http://openam.example.com:18080/openam/oauth2/sub/subsub/access_token \
        -H 'Authorization: Basic bXlDbGllbnRJRDpwYXNzd29yZA==' \
        -H 'Content-Type: application/x-www-form-urlencoded' \
        -d 'grant_type=password&username=demo&password=changeit&scope=openid%20profile'
      

      The Issuer is:

      "iss": "http://openam.example.com:18080/openam/oauth2/sub/subsub"
      

      Now make the request again with the realm as a query parameter:

      curl -X POST \
        'http://openam.example.com:18080/openam/oauth2/access_token?realm=sub/subsub' \
        -H 'Authorization: Basic bXlDbGllbnRJRDpwYXNzd29yZA==' \
        -H 'Content-Type: application/x-www-form-urlencoded' \
        -d 'grant_type=password&username=demo&password=changeit&scope=openid%20profile'
      

      The Issuer is:

      "iss": "http://openam.example.com:18080/openam/oauth2/realms/root/realms/sub/realms/subsub"
      
      Expected behaviour

      The issuer format should be consistent (based on format 1)

      Current behaviour

      Issuer format is different depending on how the realm is defined in the request
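
Added example, not part of the original report or of OpenAM's code: a relying-party style check showing why the two issuer forms above are not interchangeable, since OpenID Connect Core requires the `iss` claim to exactly match the issuer the client is configured with. The tokens are constructed and unsigned, the helper names are hypothetical, and signature verification is deliberately left out because only the issuer comparison is illustrated.

```python
import base64
import json

# Issuer values copied from the two responses in the report.
ISS_PATH_FORM = "http://openam.example.com:18080/openam/oauth2/sub/subsub"
ISS_REALMS_FORM = ("http://openam.example.com:18080/openam/oauth2"
                   "/realms/root/realms/sub/realms/subsub")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Constructed sample token (alg=none, empty signature) for offline use only."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def read_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def issuer_form(iss: str) -> str:
    """Label which of the two forms seen in the report an issuer uses."""
    return "realms-prefixed" if "/oauth2/realms/root" in iss else "realm-path"


def check_issuer(token: str, expected_iss: str) -> tuple:
    """Exact string comparison, as OpenID Connect Core requires for iss."""
    iss = read_claims(token).get("iss")
    if not isinstance(iss, str):
        return False, "iss claim missing or not a string"
    if iss == expected_iss:
        return True, "issuer matches"
    return False, (f"issuer mismatch: token uses {issuer_form(iss)} form, "
                   f"client expects {issuer_form(expected_iss)} form")
```

A client configured with the format 1 issuer accepts the token from the realm-path request and rejects the one from the `?realm=` request, even though both were issued for the same realm.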
      

            People

            Assignee:
            sachiko Sachiko Wallace
            Reporter:
            anastasios.kampas Anastasios Kampas