OpenAM / OPENAM-15063

When the binding message of a CIBA request is too long, the notification fails to be sent

    Details

    • Sprint:
      AM 2019.9 - Crane
    • Needs backport:
      Yes

      Description

      Bug description

      The notification will fail if there is a quote in the binding message in the JWT of the CIBA request.

      This doesn't work: "binding_message": "Allow ExampleBank to transfer £50 from your 'Main' account to your 'Savings' account? Reference: 0246326",
      This works: "binding_message": "Allow ExampleBank to transfer £50 from your Main account to your Savings account? Reference: 0246326",

      How to reproduce the issue

      1. Configure CIBA following https://docs.google.com/document/d/1HlPCIUDZj7uQsMXOTie_hSGzE3qaS0Rn4GJg_1KKfYc/edit#
      2. Use quotes in the binding message in the JWT.

      Expected behaviour

      The notification is sent to the mobile phone.

      Current behaviour

      The client will see:
      
      {
          "error": "server_error",
          "error_description": "Error occurred during authentication"
      }
      
      And in the debug there is:
      
      ERROR: Unable to create the OAuth2 request
      org.forgerock.oauth2.core.exceptions.ServerException: Error occurred during authentication
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:201)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:102)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:120)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiate(CtsBackChannelAuthnService.java:94)
      	at org.forgerock.oauth2.restlet.BackChannelResource.backChannelAuthorize(BackChannelResource.java:166)
      	at sun.reflect.GeneratedMethodAccessor146.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508)
      	at org.restlet.resource.ServerResource.post(ServerResource.java:1341)
      	at org.restlet.resource.ServerResource.doHandle(ServerResource.java:606)
      	at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:662)
      	at org.restlet.resource.ServerResource.doConditionalHandle(ServerResource.java:348)
      	at org.restlet.resource.ServerResource.handle(ServerResource.java:1020)
      	at org.restlet.resource.Finder.handle(Finder.java:236)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.forgerock.openam.rest.service.RestletRealmRouter.doHandle(RestletRealmRouter.java:94)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:140)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
      	at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:77)
      	at org.restlet.Application.handle(Application.java:385)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
      	at org.restlet.Component.handle(Component.java:408)
      	at org.restlet.Server.handle(Server.java:507)
      	at org.restlet.engine.connector.ServerHelper.handle(ServerHelper.java:63)
      	at org.restlet.engine.adapter.HttpServerHelper.handle(HttpServerHelper.java:143)
      	at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:1117)
      	at org.forgerock.openam.rest.RestEndpointServlet$RestletHandler.handle(RestEndpointServlet.java:183)
      	at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
      	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:87)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:264)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.forgerock.openam.rest.RestEndpointServlet$HttpServletWrapper.service(RestEndpointServlet.java:254)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.forgerock.openam.rest.RestEndpointServlet.service(RestEndpointServlet.java:132)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Login failure
      	at org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.authFailureException(FailureProcessTreeResult.java:92)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:424)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:261)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:253)
      	at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:222)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:185)
      	... 95 more
      Caused by: org.forgerock.openam.auth.node.api.NodeProcessException: Node processing failed
      	at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:108)
      	at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:149)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:421)
      	... 99 more
      Caused by: com.amazonaws.services.sns.model.InvalidParameterException: Invalid parameter: Subject (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: 68bef8ed-4430-565f-b802-ad94cb034458)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1639)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
      	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
      	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
      	at com.amazonaws.services.sns.AmazonSNSClient.doInvoke(AmazonSNSClient.java:2270)
      	at com.amazonaws.services.sns.AmazonSNSClient.invoke(AmazonSNSClient.java:2246)
      	at com.amazonaws.services.sns.AmazonSNSClient.executePublish(AmazonSNSClient.java:1698)
      	at com.amazonaws.services.sns.AmazonSNSClient.publish(AmazonSNSClient.java:1675)
      	at org.forgerock.openam.services.push.sns.SnsHttpDelegate.send(SnsHttpDelegate.java:69)
      	at org.forgerock.openam.services.push.PushNotificationService.send(PushNotificationService.java:122)
      	at org.forgerock.openam.auth.nodes.push.PushAuthenticationSenderNode.sendMessage(PushAuthenticationSenderNode.java:204)
      	at org.forgerock.openam.auth.nodes.push.PushAuthenticationSenderNode.process(PushAuthenticationSenderNode.java:153)
      	at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:105)
      	... 101 more
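The innermost cause in the trace is Amazon SNS rejecting the push notification's Subject parameter (PushAuthenticationSenderNode → SnsHttpDelegate → AmazonSNSClient.publish → InvalidParameter: Subject), so whatever AM places in that Subject is bound by the SNS Subject constraints. The following Python pre-flight check is an added example, not code from OpenAM or from the reporter: it applies the constraints AWS documents for the Publish Subject parameter (no line breaks or control characters, must begin with a letter, number or punctuation mark, at most 100 characters) to a candidate binding_message before a CIBA request object is built. The two messages from the report are embedded as constructed inputs; counting them shows the working one is exactly 100 characters and the failing one 104, which is consistent with the length-based wording of the issue title. The documented "ASCII text" rule is reported only as a warning, because the report's working message contains a non-ASCII pound sign and still succeeds. The issuer URL and the claim-building helper are illustrative assumptions.

```python
"""Pre-flight check for a CIBA binding_message against the Amazon SNS
"Subject" constraints that the stack trace above shows being applied to it
(PushAuthenticationSenderNode -> SnsHttpDelegate -> AmazonSNSClient.publish).

Added example, not code from OpenAM or from the issue reporter.  The two
messages are the ones quoted in the report.  The limits are the ones AWS
documents for the Publish "Subject" parameter (no line breaks or control
characters; must begin with a letter, number or punctuation mark; at most
100 characters).  The documented "ASCII text" rule is reported as a warning
only, because the report's working message contains a non-ASCII pound sign.
The issuer URL in build_ciba_request_claims is a placeholder.
"""
import time
import unicodedata
import uuid

SNS_SUBJECT_MAX_CHARS = 100

# Messages quoted in the bug report: they differ only by four quote characters.
FAILING_MESSAGE = ("Allow ExampleBank to transfer £50 from your 'Main' account "
                   "to your 'Savings' account? Reference: 0246326")
WORKING_MESSAGE = ("Allow ExampleBank to transfer £50 from your Main account "
                   "to your Savings account? Reference: 0246326")


def check_binding_message(message: str) -> tuple[list[str], list[str]]:
    """Return (errors, warnings) for a candidate binding_message.

    Errors are conditions SNS rejects with InvalidParameter: Subject;
    warnings are documented constraints that the report shows being tolerated.
    """
    errors: list[str] = []
    warnings: list[str] = []
    if not message:
        errors.append("binding_message is empty")
        return errors, warnings

    if len(message) > SNS_SUBJECT_MAX_CHARS:
        errors.append(f"{len(message)} characters exceeds the "
                      f"{SNS_SUBJECT_MAX_CHARS}-character SNS Subject limit")

    # Unicode category C* covers line breaks, tabs and other control characters.
    controls = sorted({f"U+{ord(c):04X}" for c in message
                       if unicodedata.category(c).startswith("C")})
    if controls:
        errors.append("contains control characters: " + ", ".join(controls))

    first = message[0]
    if not (first.isalnum() or unicodedata.category(first).startswith("P")):
        errors.append("must begin with a letter, number or punctuation mark")

    if not message.isascii():
        warnings.append("contains non-ASCII characters; SNS documents Subject as ASCII text")
    return errors, warnings


def is_valid_binding_message(message: str) -> bool:
    """True when the message has no errors (warnings are allowed)."""
    return not check_binding_message(message)[0]


def build_ciba_request_claims(client_id: str, login_hint: str,
                              binding_message: str, scope: str = "openid",
                              issuer_url: str = "https://am.example.com/am/oauth2") -> dict:
    """Claims for a CIBA signed request object, validated before signing.

    The binding message is deliberately rejected rather than truncated: its
    purpose is to let the user confirm exactly what they are authorising, so a
    silently shortened message defeats the check it exists to provide.
    """
    errors, _ = check_binding_message(binding_message)
    if errors:
        raise ValueError("binding_message rejected: " + "; ".join(errors))
    now = int(time.time())
    return {
        "iss": client_id,
        "aud": issuer_url,          # placeholder AM OAuth2 issuer URL (assumption)
        "iat": now,
        "nbf": now,
        "exp": now + 300,
        "jti": uuid.uuid4().hex,
        "scope": scope,
        "login_hint": login_hint,
        "binding_message": binding_message,
    }


if __name__ == "__main__":
    for label, msg in (("failing", FAILING_MESSAGE), ("working", WORKING_MESSAGE)):
        errs, warns = check_binding_message(msg)
        print(f"{label}: {len(msg)} chars, errors={errs}, warnings={warns}")
```

Running the block prints the character count and findings for both messages from the report. The check rejects rather than shortens an over-long message on purpose: the binding message is the text the user sees on the authentication device to confirm what they are approving, so a client that silently truncates it removes the very context the user is supposed to verify.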
      
      

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
            • Reporter:
              lubomir.mlich Ľubomír Mlích
            • Votes:
              0
            • Watchers:
              5