Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15570

introspect for token in sub-realm fails because no OpenID Connect Provider in root realm

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: None
    • Target Version/s:
    • Rank:
      1|hzza7b:

      Description

      Bug description

      Attempting to perform an introspect of a specific invalid token fails with 404 error, No OpenID Connect provider for realm /

      How to reproduce the issue

      1. Deploy AM, embedded config and user store, e.g. https://openam.amtest2.com:8443/access
      2. Create a sub-realm, subscribers, no dns alias.
      3. In sub-realm, create an OpenID Connect Provider.
      4. On resulting OAuth2Provider service, enable 'Use Client Based Access and Refresh tokens', and 'Issue refresh tokens'
      5. In sub-realm, create a client testoauth, set a secret (e.g. secret) and scope of profile.  Then on Advanced tab of created client, add grant types of Resource Owner Password credentials and Refresh token, and set TokenEndpoint Authentication method to be client_secret_post
      6. Using curl, call the introspect endpoint in the sub-realm: curl -k -v --request POST --user "testoauth:secret" https://openam.amtest2.com:8443/access/oauth2/realms/root/realms/subscribers/introspect?token=<see comments below for value(s) that reproduce this>
      Expected behaviour
      200 response, with content {"active":false}
      Current behaviour
      404 response, with content {"error_description":"No OpenID Connect provider for realm /","error":"not_found"}

      Work around

      Create an OpenID Provider in the root realm.

        Attachments

          Activity

            People

            • Assignee:
              gabor.melkvi Gabor Melkvi
              Reporter:
              lawrence.yarham Lawrence Yarham
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: