  1. OpenAM
  2. OPENAM-14942

AM ../sessions API Does Not Honour API Versioning

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Not a defect
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.5.1, 6.5.0.2
    • Fix Version/s: None
    • Labels:
    • Sprint:
      AM Sustaining Sprint 63
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      API versioning should ensure a customer can insulate themselves against changes in API.

      In version 5.x of AM a call to the

      ../openam/json/realms/root/sessions?_action=validate 
      

      endpoint returned a response like this:

      {
        "realm": "/",
        "uid": "demo",
        "valid": true
      }
      

      In AM 6.x the response now includes an additional parameter "sessionUid":

      {
        "realm": "/",
        "uid": "demo",
        "sessionUid": "773bd626-a7d3-4efc-94f4-6bffcd01d06d-1310",
        "valid": true
      }
      

      This is a breaking change, as customers are expecting the response to be unchanged if they specify the AM5 specific API version (2.0). This is not the case; irrespective of API version this "sessionUid" is always returned.

      AM 6.5.1 response to /openam/json/realms/root/sessions?_action=validate:

      Validate call to AM 6.5.1 with oldest version of the API (v1.2):

      ----------------------------------
      Validate Token...
      ----------------------------------
      * Hostname was NOT found in DNS cache
      *  Trying 192.168.121.10...
      * Connected to openam.test.com (192.168.121.10) port 8395 (#0)
      > POST /openam/json/realms/root/sessions?_action=validate HTTP/1.1
      > User-Agent: curl/7.35.0
      > Host: openam.test.com:8395
      > Accept: */*
      > Cookie: iPlanetDirectoryPro=hFsgwQ9WcGi1ImZWJhuy88ZKYWw.*AAJTSQACMDIAAlNLABxzLzJCVXAycEwxYXFFaFl2ZUlEc0ROdmdTNmc9AAR0eXBlAANDVFMAAlMxAAIwMQ..*
      >
      < HTTP/1.1 200 OK
      * Server Apache-Coyote/1.1 is not blacklisted
      < Server: Apache-Coyote/1.1
      < X-Frame-Options: SAMEORIGIN
      < Cache-Control: no-cache
      < Content-API-Version: resource=1.2
      < X-Content-Type-Options: nosniff
      < Content-Type: application/json;charset=UTF-8
      < Content-Length: 96
      < Date: Fri, 17 May 2019 08:33:35 GMT
      <
      { [data not shown]
      * Connection #0 to host openam.test.com left intact
      {
        "realm": "/",
        "uid": "demo",
        "sessionUid": "773bd626-a7d3-4efc-94f4-6bffcd01d06d-1310",
        "valid": true
      }
      

      Validate call with the newest version of the API (v3.1):

      ----------------------------------
      Validate Token...
      ----------------------------------
      * Hostname was NOT found in DNS cache
      *  Trying 192.168.121.10...
      * Connected to openam.test.com (192.168.121.10) port 8395 (#0)
      > POST /openam/json/realms/root/sessions?_action=validate HTTP/1.1
      > User-Agent: curl/7.35.0
      > Host: openam.test.com:8395
      > Accept: */*
      > Cookie: iPlanetDirectoryPro=b59jhpOCsNh3j5Ua7-A60kH3G6Y.*AAJTSQACMDIAAlNLABwvYlpUQldxUGFQc3pEbWZ6YUthbEk2cno5d289AAR0eXBlAANDVFMAAlMxAAIwMQ..*
      >
      < HTTP/1.1 200 OK
      * Server Apache-Coyote/1.1 is not blacklisted
      < Server: Apache-Coyote/1.1
      < X-Frame-Options: SAMEORIGIN
      < Cache-Control: no-cache
      < Content-API-Version: resource=3.1
      < X-Content-Type-Options: nosniff
      < Content-Type: application/json;charset=UTF-8
      < Content-Length: 96
      < Date: Fri, 17 May 2019 08:34:40 GMT
      <
      { [data not shown]
      * Connection #0 to host openam.test.com left intact
      {
        "realm": "/",
        "uid": "demo",
        "sessionUid": "773bd626-a7d3-4efc-94f4-6bffcd01d06d-1373",
        "valid": true
      }
      
      

      AM 5 response:

      ----------------------------------
      Validate Token...
      ----------------------------------
      * Hostname was NOT found in DNS cache
      *  Trying 192.168.121.10...
      * Connected to openam.test.com (192.168.121.10) port 8080 (#0)
      > POST /openam/json/realms/root/sessions?_action=validate HTTP/1.1
      > User-Agent: curl/7.35.0
      > Host: openam.test.com:8080
      > Accept: */*
      > Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfczOvZKPyjWrWOvwij9sSzgl-BDCKKdaBpc.*AAJTSQACMDEAAlNLABI5MzIyNTc2NjQ4Nzg0NDc5MjkAAlMxAAA.*
      > Accept-API-Version: resource=1.2
      >
      < HTTP/1.1 200 OK
      * Server Apache-Coyote/1.1 is not blacklisted
      < Server: Apache-Coyote/1.1
      < X-Frame-Options: SAMEORIGIN
      < Cache-Control: no-cache
      < Content-API-Version: resource=2.0 (Also tried resource=1.2)
      < Content-Type: application/json;charset=UTF-8
      < Transfer-Encoding: chunked
      < Date: Fri, 17 May 2019 08:37:04 GMT
      <
      { [data not shown]
      * Connection #0 to host openam.test.com left intact
      {
        "realm": "/",
        "uid": "demo",
        "valid": true
      }
      

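A consumer-side check for the comparison made in the traces above, as an added example that is not part of the original report or of AM: it parses `curl -v` output and reports the `Accept-API-Version` sent, the `Content-API-Version` returned, and any response fields outside a pinned set. The function names, the pinned set, and the trimmed sample traces (modelled on the ones in the description, with a placeholder `sessionUid`) are assumptions constructed for illustration.

```python
import json

# Assumption: a client written against the AM 5 response shown in the report.
PINNED_FIELDS = {"realm", "uid", "valid"}

def _headers(trace, marker):
    """Collect 'Name: value' lines that curl -v prefixes with '>' or '<'."""
    found = {}
    for line in map(str.strip, trace.splitlines()):
        if line.startswith(marker + " ") and ": " in line:
            name, value = line[2:].split(": ", 1)
            found[name.lower()] = value
    return found

def _body(trace):
    """Return the first '{' that decodes as JSON, skipping '{ [data not shown]'."""
    dec, pos = json.JSONDecoder(), trace.find("{")
    while pos != -1:
        try:
            return dec.raw_decode(trace, pos)[0]
        except json.JSONDecodeError:
            pos = trace.find("{", pos + 1)
    return {}

def check_trace(trace, pinned=PINNED_FIELDS):
    """Summarise requested version, served version and fields outside the pin."""
    body = _body(trace)
    return {
        "requested": _headers(trace, ">").get("accept-api-version"),
        "served": _headers(trace, "<").get("content-api-version"),
        "unexpected": sorted(set(body) - pinned),
    }

# Constructed samples: trimmed to the lines the check reads.
TRACE_AM6 = """\
> POST /openam/json/realms/root/sessions?_action=validate HTTP/1.1
< HTTP/1.1 200 OK
< Content-API-Version: resource=1.2
{ [data not shown]
{"realm": "/", "uid": "demo", "sessionUid": "<constructed>", "valid": true}
"""
TRACE_AM5 = """\
> POST /openam/json/realms/root/sessions?_action=validate HTTP/1.1
> Accept-API-Version: resource=1.2
< HTTP/1.1 200 OK
< Content-API-Version: resource=2.0
{"realm": "/", "uid": "demo", "valid": true}
"""
```

Run against saved traces in a regression suite, a non-empty `unexpected` list or a `served` value that differs from `requested` flags contract drift before a strict client parser meets it.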
              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                shokard Darinder Shokar