  1. OpenAM
  2. OPENAM-15210

Authentication nodes that are assigned AuthType values may not work in the Session Upgrade case with custom modules

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6, 6.5.0, 6.5.0.1, 6.5.1, 6.5.0.2, 6.5.2, 6.0.0.7
    • Fix Version/s: 6.0.1, 6.5.3, 7.0.0, 5.5.2
    • Component/s: authentication, trees
    • Labels:
    • Sprint:
      AM Sustaining Sprint 65
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes, and I used the same as in the description

      Description

      Bug description

      When using

      How to reproduce the issue


      1. Create a Tree node (say Example)
      2. Add a Set Session Properties with "AuthType" as key and value as "SomeAuthType"
      3. Now authenticate to that Tree Node
      4. Later session upgrade to the Custom auth module (say DataStore)

      Expected behaviour

      The session upgrade should work fine

      Current behaviour

      Getting 500 error

      {"code":500,"reason":"Internal Server Error","message":"Authentication Error!!"}

      Exception seen in

      amAuth:07/15/2019 12:52:19:943 PM SGT: Thread[http-nio-8080-exec-7,5,main]: TransactionId[9b0a2f9e-c3ed-4a28-bbd1-57b28d06fe88-87502]
      Exception
      java.lang.NullPointerException
              at com.sun.identity.authentication.service.LoginState.throwExceptionIfPrincipalsDiffer(LoginState.java:1481)
              at com.sun.identity.authentication.service.LoginState.setSessionProperties(LoginState.java:1199)
              at com.sun.identity.authentication.service.LoginState.produceSessionFromState(LoginState.java:1115)
              at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:576)
              at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:586)
              at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.submitRequirements(AuthContextLocalWrapper.java:108)
      
      

      Work around

      Do not assign AuthType values to Tree nodes.

      Code analysis

      LoginState.java
      throwExceptionIfPrincipalsDiffer tries to read the AuthType data and check for the
      value from an AuthModule which does not exist, and breaks.
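
The failure pattern named in the code analysis, as an added example that is not OpenAM's code: a session's AuthType value is resolved against the configured modules, and a value written by a tree node ("SomeAuthType") resolves to nothing. The class, method and map names are hypothetical, and the pipe-separated AuthType value is an assumption made for the model.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical model of the failure; names are illustrative and are not
// taken from OpenAM's LoginState.java.
public class AuthTypeLookupDemo {
    // Constructed registry: module instances that exist, with the
    // principals each one has authenticated.
    static final Map<String, Set<String>> MODULE_PRINCIPALS =
            Map.of("DataStore", Set.of("demo"));

    // Unsafe: assumes every AuthType entry names a configured module.
    static boolean principalsDifferUnsafe(String authType, String principal) {
        for (String name : authType.split("\\|")) {
            // get() returns null for "SomeAuthType", so contains() throws
            // NullPointerException.
            if (!MODULE_PRINCIPALS.get(name).contains(principal)) {
                return true;
            }
        }
        return false;
    }

    // Defensive: an entry that resolves to no module is handled explicitly
    // instead of being dereferenced.
    static boolean principalsDifferSafe(String authType, String principal) {
        if (authType == null || authType.isEmpty()) {
            return false;
        }
        for (String name : authType.split("\\|")) {
            Set<String> principals = MODULE_PRINCIPALS.get(name);
            if (principals == null) {
                continue; // value set by a tree node, no such module
            }
            if (!principals.contains(principal)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String authType = "SomeAuthType|DataStore"; // constructed session value
        System.out.println(principalsDifferSafe(authType, "demo"));
        try {
            principalsDifferUnsafe(authType, "demo");
        } catch (NullPointerException e) {
            System.out.println("NullPointerException from the unchecked lookup");
        }
    }
}
```

Skipping an unresolved entry is one policy; because the principal comparison guards session upgrade, a stricter variant would reject the upgrade with an ordinary authentication failure rather than continue.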
      

              People

              • Assignee:
                chee-weng.chea C-Weng C
                Reporter:
                chee-weng.chea C-Weng C