OpenAM / OPENAM-15136

Error 'duplicate request parameter found : acr' if values are already present


    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 5.5.1, 6.0.0.7, 6.5.2
    • None
    • oauth2

      Description

      Bug description

      An error 'invalid_request Invalid Request, duplicate request parameter found : acr' is presented in a scenario where the parameters are already present.

      How to reproduce the issue

      1). Set up standard OIDC test environment within AM

      2). Add an 'OpenID Connect acr_values to Auth Chain Mapping' in the OAuth2 Provider service, for example:

      L1 : ldapService 

      3). Use a sample authz code grant flow and send the following request (note the acr_sig and acr parameters are already provided):

      http://openam.example.com:8080/AM/oauth2/authorize?response_type=code&client_id=test&realm=%2F&scope=openid%20profile&redirect_uri=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenid%2Fcb-basic.html&state=af0ifjsldkj&acr_values=L1&acr=L1&acr_sig=YJ6vPCdBfvRy6YjOnJhshD9dm8nEL453mAz6ZqIBlVs

      ...the login page should be displayed as expected.

      4). Log in and note the error:

      invalid_request Invalid Request, duplicate request parameter found : acr 

      ...the URL in the browser at this point is:

      http://openam.example.com:8080/AM/oauth2/authorize?response_type=code&client_id=test&realm=%2F&scope=openid%20profile&redirect_uri=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenid%2Fcb-basic.html&state=af0ifjsldkj&acr_values=L1&acr=L1&acr_sig=YJ6vPCdBfvRy6YjOnJhshD9dm8nEL453mAz6ZqIBlVs&acr=L1&acr_sig=j2aTF5SM_XRE_wbp_rNd6SBIjumzsey5-G1EouMQOjY 
       
      Expected behaviour
      Flow completes without error by guarding against this scenario
      
      Current behaviour
      invalid_request Invalid Request, duplicate request parameter found : acr
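
The two URLs from the report, checked for repeated query parameters, with the guard asked for under "Expected behaviour" beside the unguarded append. This is an added example, not OpenAM code or part of the original report; duplicate_params, drop_params and append_acr are hypothetical names, and append_acr only models the post-login redirect as an assumption based on the URL shown above.

```python
from collections import Counter
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# URLs copied from the report; split into parts only to keep lines short.
BASE = ("http://openam.example.com:8080/AM/oauth2/authorize"
        "?response_type=code&client_id=test&realm=%2F&scope=openid%20profile"
        "&redirect_uri=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenid%2Fcb-basic.html"
        "&state=af0ifjsldkj&acr_values=L1")
OLD_SIG = "YJ6vPCdBfvRy6YjOnJhshD9dm8nEL453mAz6ZqIBlVs"
NEW_SIG = "j2aTF5SM_XRE_wbp_rNd6SBIjumzsey5-G1EouMQOjY"
INITIAL = BASE + "&acr=L1&acr_sig=" + OLD_SIG              # request sent by the client
AFTER_LOGIN = INITIAL + "&acr=L1&acr_sig=" + NEW_SIG       # URL seen after login


def duplicate_params(url):
    """Names of query parameters that occur more than once, sorted.

    RFC 6749 section 3.1 says request parameters MUST NOT be included more
    than once, which is the rule behind the invalid_request error.
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    return sorted(name for name, n in counts.items() if n > 1)


def drop_params(url, names):
    """Copy of url with every occurrence of the named parameters removed."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in names]
    # quote_via=quote keeps %20 for spaces instead of switching to '+'.
    return urlunsplit(parts._replace(query=urlencode(kept, quote_via=quote)))


def append_acr(url, acr, acr_sig, guard):
    """Assumed model of the post-login redirect: append acr and acr_sig.

    With guard=True any acr/acr_sig already on the URL is dropped first, so
    the resulting request carries exactly one pair.
    """
    if guard:
        url = drop_params(url, {"acr", "acr_sig"})
    sep = "&" if urlsplit(url).query else "?"
    return url + sep + urlencode({"acr": acr, "acr_sig": acr_sig})


if __name__ == "__main__":
    print("after login:", duplicate_params(AFTER_LOGIN))
    print("guarded    :", duplicate_params(append_acr(INITIAL, "L1", NEW_SIG, True)))
```
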

       


              People

              jonthomas Jonathan Thomas
              andy.itter Andy Itter