Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15670

DeviceIdSave auth module initialization fails if username is null

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6, 6.5.0, 6.5.0.1, 6.5.1, 6.5.0.2, 6.5.2, 14.1.1.1, 14.1.1.2, 14.1.1.3, 14.1.1.4, 14.1.1.5, 14.1.2.2, 6.0.0.7, 14.1.2.3, 14.1.2.4, 6.5.2.1, 7.0.0, 6.5.2.2, 14.1.2.11, 14.1.2.5
    • Fix Version/s: 6.5.3, 7.0.0
    • Component/s: authentication
    • Labels:
    • Environment:
      Oracle JDK 1.8.0_201
      Apache Tomcat/9.0.8
      AM 6.0.0.6
    • Sprint:
      AM Sustaining Sprint 69, AM Sustaining Sprint 70
    • Story Points:
      5
    • Support Ticket IDs:

      Description

      Bug description

      Initialization of DeviceIdSave auth module fails if username is not present

      How to reproduce the issue

      1. Configure AM
      2. Configure the below mentioned auth-chain in some sub-realm
      3. Perform service based authentication
      AuthnChain
      [name=Certificate] [flag=OPTIONAL] [options=]
      [name=DeviceMatch] [flag=SUFFICIENT] [options=]
      [name=OTP] [flag=OPTIONAL] [options=]
      [name=DeviceSave] [flag=SUFFICIENT] [options=]
      [name=LDAP] [flag=REQUISITE] [options=]
      [name=DeviceMatch] [flag=SUFFICIENT] [options=]
      [name=OTP] [flag=REQUIRED] [options=]
      [name=DeviceSave] [flag=REQUIRED] [options=]
      
      Expected behaviour
      HOTP auth module should be triggered after submitting credentials for LDAP auth module.
      
      Current behaviour
      User is prompted for LDAP credentials a second time.
      

      Code analysis

      org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave.java
      ...
          @Override
          public void init(Subject subject, Map sharedState, Map config) {
      ...
             amIdentityPrincipal = IdUtils.getIdentity(userName, realm, userSearchAttributes);
      ...
      }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joe.starling Joe Starling
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: