Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 6.5.2.2, 7.0.0
- Component/s: None
- Labels:
Description
Bug description
Dynamic creation of user profiles is not working anymore.
How to reproduce the issue
Start AM with the below command to see the expected behaviour:
docker run -ti --name am --rm -p8080:8080 -p50389:50389 -p8000:8000 \
-e AM_HOST_NAME=openam.example.com \
-e AM_ADMIN_PWD=password \
-e "JPDA_ADDRESS=*:8000" \
gcr.io/forgerock-io/am/docker-build:7.0.0-b1a9a143b16ff3fb8918497bd67c8c88435167f1
Start AM with the below command to see the current behaviour:
docker run -ti --name am --rm -p8080:8080 -p50389:50389 -p8000:8000 \
-e AM_HOST_NAME=openam.example.com \
-e AM_ADMIN_PWD=password \
-e "JPDA_ADDRESS=*:8000" \
gcr.io/forgerock-io/am/docker-build:7.0.0-b920ac1dac131e6fb5af7959f37c7035344a2043
Configuration steps:
- Create a new Server-side Authentication Groovy script called "DynamicProfileScript" and paste the following in the script editor:
  username = "User-" + String.valueOf((int)(Math.random()*1000));
  sharedState.put("javax.security.auth.login.name", username);
  sharedState.put("javax.security.auth.login.password", "password");
  authState = SUCCESS;
- Create a new Authentication Module called "DynamicProfileScriptedModule" of type "Scripted Module". Disable Client-side Script and for the Server-Side Script, select "DynamicProfileScript".
- Create a new chain called "DynamicProfileCreate" and add the module as "Required".
- In Authentication > Settings > User Profile change User Profile to "Dynamic".
- Navigate to http://openam.example.com:8080/am/XUI/#login/&service=DynamicProfileCreate
Expected behaviour
The authenticated identity is created dynamically:
Current behaviour
No identity created for authenticated user:
Work around
There is no workaround.
Code analysis
The bug was introduced in this commit: https://stash.forgerock.org/projects/OPENAM/repos/openam/commits/b920ac1dac131e6fb5af7959f37c7035344a2043
Before the change, in LoginState.java on line 2183, the "searchIdentity" method used to return an empty set if the identity was not found.
After the change in LoginState.java on line 2139 the "LazyConfig.AUTHD.getIdentity" method throws an exception if the identity was not found, which eventually causes the logic that creates a dynamic identity to be skipped.
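The contract change described above, reduced to a self-contained Java model. This is an added example, not AM's code: the class, the method bodies, the NotFound exception and the sample data are hypothetical stand-ins, and the repair shown is only one possible approach.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the regression; every name here is hypothetical, not an AM class.
public class DynamicProfileRegression {
    static class NotFound extends Exception {}

    static final Set<String> store = new HashSet<>(Set.of("demo")); // constructed data

    // Old lookup contract: a miss is an empty set.
    static Set<String> searchIdentity(String name) {
        return store.contains(name) ? Set.of(name) : Set.of();
    }

    // New lookup contract: a miss is an exception.
    static String getIdentity(String name) throws NotFound {
        if (!store.contains(name)) throw new NotFound();
        return name;
    }

    // Caller written for the old contract: an empty result triggers creation.
    static void ensureProfileOld(String name) {
        if (searchIdentity(name).isEmpty()) store.add(name);
    }

    // Lookup swapped, caller logic unchanged: the exception leaves the method
    // before the create-on-miss branch can run.
    static void ensureProfileRegressed(String name) throws NotFound {
        String found = getIdentity(name);
        if (found == null) store.add(name); // unreachable on a miss
    }

    // One possible repair: treat the exception as the "not found" signal.
    static void ensureProfileFixed(String name) {
        try { getIdentity(name); } catch (NotFound e) { store.add(name); }
    }

    public static void main(String[] args) {
        ensureProfileOld("User-1");
        try { ensureProfileRegressed("User-2"); } catch (NotFound e) { /* handled upstream */ }
        ensureProfileFixed("User-3");
        for (String u : new String[] {"User-1", "User-2", "User-3"})
            System.out.println(u + " created: " + store.contains(u));
    }
}
```

A regression test for this class of change should assert that the profile exists after a first-time login, not only that the login call returned without error.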
Issue Links
- is duplicated by OPENAM-15721 Dynamic Provision using Authentication Chain fails on 6.5.2.2 and later (Closed)