  1. OpenAM
  2. OPENAM-14929

idpSSOInit error when session authLevel does not map to Auth Context

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.1
    • Fix Version/s: 6.5.2, 7.0.0, 5.5.2
    • Component/s: None
    • Labels:
    • Sprint:
      AM Sustaining Sprint 63
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      With the change from OPENAM-14592 users will get an Error:

      ERROR: Error processing request

      com.sun.identity.saml2.common.SAML2Exception: No IDP Authentication Context matches the current Auth Level.

      if the IDP has no Auth Context that matches the session authLevel.

      How to reproduce the issue

      1. Set up OpenAM instances as IDP and SP
      2. On the IDP set the DataStore module to have Auth Level 7
      3. Authenticate to AM (IDP) using XUI Login page.
      4. Initiate idpSSOInit to SP
      Expected behaviour
      {..}
      
      Current behaviour
      {...}
      

      Work around

      Create Auth Context on IDP with same authLevel as AM auth modules.
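
A way to check an IdP for the condition behind this error before users hit it, as an added example (not OpenAM code and not from this ticket): it reads the `idpAuthncontextClassrefMapping` values from an exported hosted-IdP extended metadata document and lists the module auth levels that no Auth Context carries. It assumes the `classRef|authLevel|...` value layout and an exact-level match, as the workaround implies; the sample metadata, entity ID and module levels are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed hosted-IdP extended metadata whose only
# Auth Context mapping is at auth level 0. Parse only metadata you exported
# yourself; ElementTree is not hardened against hostile XML.
SAMPLE_EXTENDED_METADATA = """\
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
              entityID="https://idp.example.com/openam" hosted="true">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="idpAuthncontextClassrefMapping">
      <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>
    </Attribute>
  </IDPSSOConfig>
</EntityConfig>
"""


def mapped_auth_levels(extended_metadata_xml):
    """Return {authLevel: classRef} taken from the Auth Context mapping values."""
    root = ET.fromstring(extended_metadata_xml)
    levels = {}
    for elem in root.iter():
        # Compare local names so the check works with or without a namespace.
        if elem.tag.rsplit("}", 1)[-1] != "Attribute":
            continue
        if elem.get("name") != "idpAuthncontextClassrefMapping":
            continue
        for value in elem:
            parts = (value.text or "").strip().split("|")
            # Assumed layout: classRef|authLevel|...; entries without a
            # numeric level are ignored here.
            if len(parts) < 2:
                continue
            try:
                level = int(parts[1])
            except ValueError:
                continue
            levels.setdefault(level, parts[0])
    return levels


def unmapped_modules(extended_metadata_xml, module_levels):
    """Return the modules whose auth level has no Auth Context with that level."""
    mapped = mapped_auth_levels(extended_metadata_xml)
    return {name: lvl for name, lvl in module_levels.items() if lvl not in mapped}


if __name__ == "__main__":
    # Constructed input mirroring the reproduction steps: DataStore at level 7.
    print(unmapped_modules(SAMPLE_EXTENDED_METADATA, {"DataStore": 7}))
```

Any module it reports is one whose sessions would reach idpSSOInit without a matching Auth Context; applying the workaround for that level should empty the result.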

      Code analysis

      DefaultIDPAuthnContextMapper.java
      

              People

              • Assignee:
                sfraser Sam Fraser
                Reporter:
                sfraser Sam Fraser