OpenAM / OPENAM-15844

401 Unauthorised returned with OTP Collector Decision Node when X-OpenAM-Password header passed in /authenticate

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2
    • Fix Version/s: None
    • Component/s: authentication, trees
    • Sprint:
      AM Sustaining Sprint 74, AM Sustaining Sprint 75, AM Sustaining Sprint 76, AM Sustaining Sprint 77, AM Sustaining Sprint 78, AM Sustaining Sprint 79, AM Sustaining Sprint 80, AM Sustaining Sprint 81, AM Sustaining Sprint 82, AM Sustaining Sprint 83, AM Sustaining Sprint 84, AM Sustaining Sprint 85
    • Story Points:
      3

      Description

      Bug description

      401 Unauthorised returned when using OTP Collector Decision Node in conjunction with X-OpenAM-Password header passed in /authenticate during a REST call.

      How to reproduce the issue

      1. Create a tree using the OTP collector decision node, either with the zero page login collector node or username/password collector.

      2. Make a REST call to /authenticate with X-OpenAM-Username and X-OpenAM-Password headers.

      Expected behaviour

      Callback prompt for OTP

      Current behaviour

      Returns 401 Unauthorized

      Workaround

      Insert a zero page login collector node and specify a custom password header name other than X-OpenAM-Password in the node configuration.

            People

            Assignee:
            joe.starling Joe Starling
            Reporter:
            max.oshea Max O'Shea [X] (Inactive)