Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15670

DeviceIdSave auth module initialization fails if username is null

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 14.1.2.5, 7.0.0, 14.1.2.11
    • Fix Version/s: 7.0.0, 6.5.3
    • Component/s: authentication
    • Labels:
    • Environment:
      Oracle JDK 1.8.0_201
      Apache Tomcat/9.0.8
      AM 6.0.0.6
    • Rank:
      1|hzzfhj:
    • Sprint:
      AM Sustaining Sprint 69, AM Sustaining Sprint 70
    • Story Points:
      5
    • Support Ticket IDs:

      Description

      Bug description

      Initialization of DeviceIdSave auth module fails if username is not present

      How to reproduce the issue

      1. Configure AM
      2. Configure the below mentioned auth-chain in some sub-realm
      3. Perform service based authentication
      AuthnChain
      [name=Certificate] [flag=OPTIONAL] [options=]
      [name=DeviceMatch] [flag=SUFFICIENT] [options=]
      [name=OTP] [flag=OPTIONAL] [options=]
      [name=DeviceSave] [flag=SUFFICIENT] [options=]
      [name=LDAP] [flag=REQUISITE] [options=]
      [name=DeviceMatch] [flag=SUFFICIENT] [options=]
      [name=OTP] [flag=REQUIRED] [options=]
      [name=DeviceSave] [flag=REQUIRED] [options=]
      
      Expected behaviour
      HOTP auth module should be triggered after submitting credentials for LDAP auth module.
      
      Current behaviour
      User is prompted for LDAP credentials a second time.
      

      Code analysis

      org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave.java
      ...
          @Override
          public void init(Subject subject, Map sharedState, Map config) {
      ...
             amIdentityPrincipal = IdUtils.getIdentity(userName, realm, userSearchAttributes);
      ...
      }
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              joe.starling Joe Starling
              Reporter:
              bthalmayr Bernhard Thalmayr
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: