Bug description
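The push notification fails if the binding message in the JWT of a CIBA request contains a quote character. The innermost cause in the stack trace below is Amazon SNS rejecting the request with "Invalid parameter: Subject", which suggests the binding message is passed into the SNS subject without validation or escaping.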
This doesn't work (single quotes around the account names): "binding_message": "Allow ExampleBank to transfer £50 from your 'Main' account to your 'Savings' account? Reference: 0246326",
This works (the same message without the quotes): "binding_message": "Allow ExampleBank to transfer £50 from your Main account to your Savings account? Reference: 0246326",
How to reproduce the issue
- configure CIBA following https://docs.google.com/document/d/1HlPCIUDZj7uQsMXOTie_hSGzE3qaS0Rn4GJg_1KKfYc/edit#
- use quotes in the binding message in the JWT, as in the failing example above
Expected behaviour
Notification is sent to mobile phone
Current behaviour
Client will see: { "error": "server_error", "error_description": "Error occurred during authentication" } And in the debug there is: ERROR: Unable to create the OAuth2 request org.forgerock.oauth2.core.exceptions.ServerException: Error occurred during authentication at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:201) at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:102) at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:120) at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiate(CtsBackChannelAuthnService.java:94) at org.forgerock.oauth2.restlet.BackChannelResource.backChannelAuthorize(BackChannelResource.java:166) at sun.reflect.GeneratedMethodAccessor146.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508) at org.restlet.resource.ServerResource.post(ServerResource.java:1341) at org.restlet.resource.ServerResource.doHandle(ServerResource.java:606) at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:662) at org.restlet.resource.ServerResource.doConditionalHandle(ServerResource.java:348) at org.restlet.resource.ServerResource.handle(ServerResource.java:1020) at org.restlet.resource.Finder.handle(Finder.java:236) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Router.doHandle(Router.java:422) at org.forgerock.openam.rest.service.RestletRealmRouter.doHandle(RestletRealmRouter.java:94) at org.restlet.routing.Router.handle(Router.java:641) at 
org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:140) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202) at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:77) at org.restlet.Application.handle(Application.java:385) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Router.doHandle(Router.java:422) at org.restlet.routing.Router.handle(Router.java:641) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.routing.Router.doHandle(Router.java:422) at org.restlet.routing.Router.handle(Router.java:641) at org.restlet.routing.Filter.doHandle(Filter.java:150) at org.restlet.routing.Filter.handle(Filter.java:197) at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202) at org.restlet.Component.handle(Component.java:408) at org.restlet.Server.handle(Server.java:507) at org.restlet.engine.connector.ServerHelper.handle(ServerHelper.java:63) at org.restlet.engine.adapter.HttpServerHelper.handle(HttpServerHelper.java:143) at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:1117) at org.forgerock.openam.rest.RestEndpointServlet$RestletHandler.handle(RestEndpointServlet.java:183) at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179) at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:87) at 
org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53) at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53) at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:264) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.forgerock.openam.rest.RestEndpointServlet$HttpServletWrapper.service(RestEndpointServlet.java:254) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.forgerock.openam.rest.RestEndpointServlet.service(RestEndpointServlet.java:132) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Login failure at org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.authFailureException(FailureProcessTreeResult.java:92) at 
org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:424) at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:261) at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:253) at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:222) at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:185) ... 95 more Caused by: org.forgerock.openam.auth.node.api.NodeProcessException: Node processing failed at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:108) at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:149) at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:421) ... 99 more Caused by: com.amazonaws.services.sns.model.InvalidParameterException: Invalid parameter: Subject (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: 68bef8ed-4430-565f-b802-ad94cb034458) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1639) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) at 
com.amazonaws.services.sns.AmazonSNSClient.doInvoke(AmazonSNSClient.java:2270) at com.amazonaws.services.sns.AmazonSNSClient.invoke(AmazonSNSClient.java:2246) at com.amazonaws.services.sns.AmazonSNSClient.executePublish(AmazonSNSClient.java:1698) at com.amazonaws.services.sns.AmazonSNSClient.publish(AmazonSNSClient.java:1675) at org.forgerock.openam.services.push.sns.SnsHttpDelegate.send(SnsHttpDelegate.java:69) at org.forgerock.openam.services.push.PushNotificationService.send(PushNotificationService.java:122) at org.forgerock.openam.auth.nodes.push.PushAuthenticationSenderNode.sendMessage(PushAuthenticationSenderNode.java:204) at org.forgerock.openam.auth.nodes.push.PushAuthenticationSenderNode.process(PushAuthenticationSenderNode.java:153) at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:105) ... 101 more