  1. OpenAM
  2. OPENAM-15570

introspect for token in sub-realm fails because no OpenID Connect Provider in root realm


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: None
    • Target Version/s:
    • Rank:


      Bug description

      Attempting to perform an introspect of a specific invalid token fails with a 404 error: No OpenID Connect provider for realm /

      How to reproduce the issue

      1. Deploy AM, embedded config and user store, e.g. https://openam.amtest2.com:8443/access
      2. Create a sub-realm, subscribers, with no DNS alias.
      3. In the sub-realm, create an OpenID Connect Provider.
      4. On the resulting OAuth2Provider service, enable 'Use Client Based Access and Refresh tokens' and 'Issue refresh tokens'.
      5. In the sub-realm, create a client testoauth, set a secret (e.g. secret) and a scope of profile. Then, on the Advanced tab of the created client, add the grant types Resource Owner Password Credentials and Refresh Token, and set the Token Endpoint Authentication Method to client_secret_post.
      6. Using curl, call the introspect endpoint in the sub-realm:

             curl -k -v --request POST --user "testoauth:secret" "https://openam.amtest2.com:8443/access/oauth2/realms/root/realms/subscribers/introspect?token=<see comments below for value(s) that reproduce this>"

      Expected behaviour

      200 response, with content {"active":false}

      Current behaviour

      404 response, with content {"error_description":"No OpenID Connect provider for realm /","error":"not_found"}

      Work around

      Create an OpenID Provider in the root realm.




            • Assignee:
              gabor.melkvi Gabor Melkvi
              lawrence.yarham Lawrence Yarham


              • Created:
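A regression check for the behaviour reported in this issue, added here as an example and not taken from the issue or from OpenAM's code. It builds the realm-qualified introspect URL and classifies a response against the expected and current behaviour quoted above. The function names and verdict strings are hypothetical, and the token is sent in the form body as RFC 7662 specifies rather than in the query string used in the curl call.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

ROOT_REALM_ERROR = "No OpenID Connect provider for realm /"  # text quoted in the issue


def introspect_url(base_url, realm):
    """'/subscribers' -> <base>/oauth2/realms/root/realms/subscribers/introspect"""
    parts = [p for p in realm.split("/") if p]
    path = "realms/root" + "".join("/realms/" + urllib.parse.quote(p, safe="") for p in parts)
    return f"{base_url.rstrip('/')}/oauth2/{path}/introspect"


def classify(status, body):
    """Verdict for an introspection response to a token known to be invalid."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return "unexpected: body is not a JSON object"
    if status == 200 and doc.get("active") is False:
        return "ok"  # expected behaviour: 200 with {"active":false}
    if status == 200 and doc.get("active") is True:
        return "fail: invalid token reported as active"
    if status == 404 and ROOT_REALM_ERROR in str(doc.get("error_description")):
        return "bug: sub-realm introspection fell back to the root realm"
    return f"unexpected: HTTP {status}"


def introspect(base_url, realm, client_id, client_secret, token):
    """POST the token with HTTP Basic client authentication; return (status, body).
    TLS verification stays on here, unlike the -k flag in the curl call."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        introspect_url(base_url, realm),
        data=urllib.parse.urlencode({"token": token}).encode(),
        headers={"Authorization": "Basic " + creds},
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        return err.code, err.read().decode()
```

Passing the result of `introspect(...)` to `classify(*result)` gives a single verdict that can be asserted in a deployment smoke test, both with and without the root-realm workaround in place.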