  1. OpenAM
  2. OPENAM-15718

Cookie validation gives different HTTP Response code

      Description

      Bug description

      When validating an iPlanetDirectoryPro token after editing it, one of two different errors is given: a 200 or a 500.

      • If you edit the SSOToken part of iPlanetDirectoryPro and then validate it, the system gives HTTP response 200 OK.
      • If you edit the Session Key part of iPlanetDirectoryPro and then validate it, the system gives HTTP response status 500 Internal Server Error.

       

      The error is inconsistent

      How to reproduce the issue


      1. Initiate and get a session token/iPlanetDirectoryPro
      curl "http://openam.am6522.com:8080/openam/json/realms/root/authenticate" \
        -X POST \
        -H "X-OpenAM-Username: demo" \
        -H "X-OpenAM-Password: changeit" \
        -H "Accept-API-Version: resource=2.1" 
      
      {"tokenId":"hBLyyYBHC4DbHkDi0DszdHL40JA.*AAJTSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.*","successUrl":"/openam/console","realm":"/"}
      
      2. Validate the session token/iPlanetDirectoryPro
      curl "http://openam.am6522.com:8080/openam/json/realms/root/sessions?_action=validate" \
        -X POST \
        -H "Content-Type: application/json" \
        -H "iPlanetDirectoryPro: hBLyyYBHC4DbHkDi0DszdHL40JA.*AAJTSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.*" \
        -H "Accept-API-Version: resource=2.1, protocol=1.0" 
      
      {"valid":true,"sessionUid":"000fe2bb-57a1-42b0-9de9-a62f058b9d03-7505696","uid":"demo","realm":"/"}
      
      3. Edit the SSOToken part of iPlanetDirectoryPro, and then validate it. For example, we will remove the first 3 characters: -hBL-yyYBHC4DbHkDi0DszdHL40JA.AAJTSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.
      curl "http://openam.am6522.com:8080/openam/json/realms/root/sessions?_action=validate" \
        -X POST \
        -H "Content-Type: application/json" \
        -H "iPlanetDirectoryPro: yyYBHC4DbHkDi0DszdHL40JA.*AAJTSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.*" \
        -H "Accept-API-Version: resource=2.1, protocol=1.0" 
      
      200 Forbidden {"valid":false}
      
      4. Edit the Session Key part of iPlanetDirectoryPro, and then validate it. For example, we will remove the first 3 characters:
        hBLyyYBHC4DbHkDi0DszdHL40JA.-*AAJ-TSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.
      curl "http://openam.am6522.com:8080/openam/json/realms/root/sessions?_action=validate" \
        -X POST \
        -H "Content-Type: application/json" \
        -H "iPlanetDirectoryPro: hBLyyYBHC4DbHkDi0DszdHL40JA.*TSQACMDEAAlNLABxOcVFoRDdib3pQdGZMajlkS1U2QWMzN1RBMWc9AAR0eXBlAANDVFMAAlMxAAA.*" \
        -H "Accept-API-Version: resource=2.1, protocol=1.0" 
      
      {"code":500,"reason":"Internal Server Error","message":"An error occurred whilst trying to use restricted token.","detail":{"failureReasons":[{"exception":"An error occurred whilst trying to use restricted token."}]},"cause":{"message":"An error occurred whilst trying to use restricted token."}}
      
      5. The error message is different
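
The responses quoted in the steps above, checked offline as an added example (not part of the original report and not OpenAM code): the Python below shows that a caller accepting only 200 with "valid": true fails closed for both edited tokens, and flags that the two rejections carry different signatures. The function names and case labels are hypothetical; the statuses and bodies are copied from this report.

```python
import json
from collections import defaultdict

# Constructed sample: (case label, HTTP status, body) copied from the responses quoted above.
OBSERVED = [
    ("untampered", 200, '{"valid":true,"sessionUid":"000fe2bb-57a1-42b0-9de9-a62f058b9d03-7505696","uid":"demo","realm":"/"}'),
    ("sso_token_part_edited", 200, '{"valid":false}'),
    ("session_key_part_edited", 500, '{"code":500,"reason":"Internal Server Error","message":"An error occurred whilst trying to use restricted token.","detail":{"failureReasons":[{"exception":"An error occurred whilst trying to use restricted token."}]},"cause":{"message":"An error occurred whilst trying to use restricted token."}}'),
]


def classify(status, body):
    """Reduce a validate response to 'valid', 'invalid' or 'error'."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "error"
    if status != 200 or not isinstance(doc, dict):
        return "error"
    if doc.get("valid") is True:
        return "valid"
    if doc.get("valid") is False:
        return "invalid"
    return "error"


def session_is_valid(status, body):
    """Fail closed: only 200 with "valid": true is accepted as a live session."""
    return classify(status, body) == "valid"


def rejection_signatures(observed, baseline="untampered"):
    """Group the edited-token cases by (HTTP status, outcome)."""
    groups = defaultdict(list)
    for label, status, body in observed:
        if label != baseline:
            groups[(status, classify(status, body))].append(label)
    return dict(groups)


def rejections_consistent(observed):
    """True when every edited token is rejected with the same signature."""
    return len(rejection_signatures(observed)) <= 1


if __name__ == "__main__":
    for signature, labels in rejection_signatures(OBSERVED).items():
        print(signature, labels)
    print("consistent:", rejections_consistent(OBSERVED))
```
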

      Expected behaviour

      
      

      Work around

      None at this point

      Code analysis

      
      

            People

            • Assignee:
              Unassigned
              Reporter:
              jobby.thomas Jobby Thomas