OpenAM / OPENAM-16232

Session Upgrade use-case with authentication level is failing in AM7.0

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: session
    • Environment:
      AM 7.0 (commit 6d2cd9e950048d70e3b17d7292a89794d678685d (HEAD -> master, origin/master, origin/HEAD))

      Java Policy Agent 5.7.0 (commit af8613cfd4bc68e4e09ea5951a03d39a38032807 (HEAD -> master, origin/master, origin/HEAD))
    • Target Version/s:

      Description

      Bug description

      Session Upgrade use-case with authentication level is failing in AM7.0

      AM 7.0 (commit 6d2cd9e950048d70e3b17d7292a89794d678685d (HEAD -> master, origin/master, origin/HEAD))

      Java Policy Agent 5.7.0 (commit af8613cfd4bc68e4e09ea5951a03d39a38032807 (HEAD -> master, origin/master, origin/HEAD))

      During the session upgrade use case, after the step-up authentication credentials are collected, the browser simply hangs and there is no redirection to the protected URL.

       

      How to reproduce the issue

      1. Install AM and the Agent
      2. Create a policy: allow authenticated users, with no Environment conditions, for protected resource 1, e.g. http://agent.example.net:9090/frqa/index.jsp
      3. Create a policy: allow authenticated users with an Auth Level greater than or equal to 20 for resource 2, e.g. http://agent.example.net:9090/frqa/ShowServlet
      4. Create an AuthN module such as LDAP with auth level 20
      5. Access protected resource 1
      6. Provide credentials for the default authn (DataStore) and end up in resource 1
      7. Access protected resource 2 in the same tab or via a link in resource 1
      8. Provide the credentials for Auth Level 20 (LDAP Authn)

      Expected behaviour

      End up in protected resource 2

      Current behaviour

      Stuck on the login page itself.
      

      Work around

      None

      The NPE below is seen in the CoreSystem file.

      ERROR: IdentityResource.readInstance() :: Cannot READ resourceId=demo
      java.lang.NullPointerException: null
       at com.iplanet.dpro.session.service.SessionService.isSuperUser(SessionService.java:376)
       at org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate.test(SelfServiceUserUiRolePredicate.java:42)
       at org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate.test(SelfServiceUserUiRolePredicate.java:24)
       at org.forgerock.openam.core.rest.IdentityResourceV1.addRoleInformation(IdentityResourceV1.java:1395)
       at org.forgerock.openam.core.rest.IdentityResourceV1.buildResourceResponse(IdentityResourceV1.java:1359)
       at org.forgerock.openam.core.rest.IdentityResourceV1.readInstance(IdentityResourceV1.java:1330)
       at org.forgerock.openam.core.rest.IdentityResourceV2.readInstance(IdentityResourceV2.java:1258)
       at org.forgerock.json.resource.InterfaceCollectionInstance.handleRead(InterfaceCollectionInstance.java:65)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)
       at org.forgerock.json.resource.Resources$CollectionInstanceIdContextFilter.filterRead(Resources.java:556)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)
       at org.forgerock.json.resource.Router.handleRead(Router.java:331)
       at org.forgerock.json.resource.Router.handleRead(Router.java:331)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)
       at org.forgerock.openam.rest.DisableCachingFilter.filterRead(DisableCachingFilter.java:78)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)
       at org.forgerock.openam.rest.fluent.AuditFilter.filterRead(AuditFilter.java:187)
       at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterRead(AuditFilterWrapper.java:82)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterRead(CrestLoggingFilter.java:158)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:79)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.openam.rest.AuthenticationEnforcer.filterRead(AuthenticationEnforcer.java:174)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)
       at org.forgerock.json.resource.Router.handleRead(Router.java:331)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)
       at org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:79)
       at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)
       at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)
       at org.forgerock.json.resource.InternalConnection.readAsync(InternalConnection.java:81)
       at org.forgerock.json.resource.http.RequestRunner.visitReadRequest(RequestRunner.java:270)
       at org.forgerock.json.resource.http.RequestRunner.visitReadRequest(RequestRunner.java:85)
       at org.forgerock.json.resource.Requests$ReadRequestImpl.accept(Requests.java:587)
       at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:137)
       at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:263)
       at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
       at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:747)
       at org.forgerock.json.resource.http.HttpAdapter.doRead(HttpAdapter.java:402)
       at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:305)
       at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:147)
       at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
       at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
       at org.forgerock.http.routing.Router.handle(Router.java:100)
       at org.forgerock.openam.cors.CorsFilter.filter(CorsFilter.java:77)
       at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
       at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:85)
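
The expected behaviour in the reproduction steps, as an added example that is not part of the original report and is not AM or agent code: a minimal model of the step-up decision, useful as a reference when checking what a fixed build should do. The class and function names are hypothetical, and the DataStore auth level of 0 is an assumption; the resource URLs, the level 20 and the user `demo` are taken from the report.

```python
"""Model of the session-upgrade (step-up) flow from the reproduction steps.
Constructed example: all names here are illustrative, not AM APIs."""
from dataclasses import dataclass

@dataclass
class Policy:
    resource: str
    min_auth_level: int = 0  # 0 means any authenticated user

@dataclass
class Session:
    user: str
    auth_level: int

# Policies from steps 2 and 3 of the report.
POLICIES = [
    Policy("http://agent.example.net:9090/frqa/index.jsp"),
    Policy("http://agent.example.net:9090/frqa/ShowServlet", min_auth_level=20),
]

# LDAP = 20 comes from step 4; DataStore = 0 is an assumed default.
MODULE_LEVELS = {"DataStore": 0, "LDAP": 20}

def evaluate(session, resource):
    """Return ('allow', None), ('deny', None) or ('advice', required_level)."""
    policy = next((p for p in POLICIES if p.resource == resource), None)
    if policy is None or session is None:
        return ("deny", None)
    if session.auth_level >= policy.min_auth_level:
        return ("allow", None)
    # Authenticated, but at too low a level: ask for step-up, do not deny.
    return ("advice", policy.min_auth_level)

def step_up(session, module):
    """Successful re-authentication: same user, session carries the higher level."""
    return Session(session.user, max(session.auth_level, MODULE_LEVELS[module]))

def access(session, resource, stepup_module=None):
    """Agent-side flow: evaluate, step up when advised, then evaluate again."""
    decision, _ = evaluate(session, resource)
    if decision == "advice" and stepup_module is not None:
        session = step_up(session, stepup_module)
        decision, _ = evaluate(session, resource)
    return decision, session
```

In this model, step 8 must end with an `allow` decision for resource 2 on a session whose level is 20; the report describes a build where the flow never reaches that second evaluation.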

       

      People

      • Assignee: Kamal Sivanandam (kamal.sivanandam@forgerock.com)
      • Reporter: Kamal Sivanandam (kamal.sivanandam@forgerock.com)