OPENAM-16251

OIDC authentication request with parameters 'prompt=none' and 'acr_values=' triggers authentication


Details

    • AM Sustaining Sprint 75

    Description

      Bug description

      OIDC flow requests authentication although parameter prompt=none is present

      How to reproduce the issue

      1. Configure AM as OIDC provider
      2. Configure 2 'acr_values' auth-chain mappings, e.g. silver / datastoreService, gold / ldapService
      3. Configure OAuth2 client
      4. Perform OIDC authorization code flow with additional parameter 'acr_values=silver'
      5. Authenticate at AM
      6. Give consent
      7. Perform OIDC authorization code flow with additional parameters 'acr_values=gold' and 'prompt=none'
      Expected behaviour
      AM should send OIDC error response
      
      Current behaviour
      AM authentication is triggered
      

      Same use case with OpenAM 13.5.0 leads to an error response

      error=consent_required&error_description=The request requires consent.
      

      It may well be that different (Open)AM versions behave differently.
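The following is an added example, not code from the report or from the OpenAM project: it builds the step-7 authorization request (acr_values=gold, prompt=none) and classifies the redirect AM answers with, distinguishing the spec-conformant OIDC error response from the reported behaviour where the client is sent to the AM login UI instead. The endpoint, redirect URI, client id and sample Location headers are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders; substitute your own deployment's values.
AM_AUTHORIZE = "https://am.example.com/openam/oauth2/authorize"
REDIRECT_URI = "https://client.example.com/cb"

# Error codes an OP may return to a prompt=none request that it cannot satisfy silently.
PROMPT_NONE_ERRORS = {"login_required", "consent_required",
                      "interaction_required", "account_selection_required"}


def build_authorize_url(client_id, acr, state, prompt=None):
    """Authorization code request carrying acr_values and, optionally, prompt."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "acr_values": acr,
    }
    if prompt:
        params["prompt"] = prompt
    return f"{AM_AUTHORIZE}?{urlencode(params)}"


def classify_redirect(location, redirect_uri=REDIRECT_URI):
    """Classify the Location header returned for a prompt=none request.

    Returns (verdict, detail):
      ("error_response", <error>)      conformant: OIDC error delivered to the client
      ("code_issued", None)            silent re-authorization succeeded
      ("unexpected_error", <error>)    redirect to client with a non-prompt=none error
      ("authentication_triggered", <target>)  the reported bug: AM sent the user to login
    """
    parts = urlsplit(location)
    # Compare scheme, host and path only; query/fragment carry the response.
    target = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if target != redirect_uri:
        return ("authentication_triggered", target)
    # Code flow answers in the query; implicit/hybrid flows answer in the fragment.
    resp = parse_qs(parts.query) or parse_qs(parts.fragment)
    if "error" in resp:
        err = resp["error"][0]
        verdict = "error_response" if err in PROMPT_NONE_ERRORS else "unexpected_error"
        return (verdict, err)
    if "code" in resp:
        return ("code_issued", None)
    return ("unexpected_error", None)
```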

          People

            lawrence.yarham Lawrence Yarham
            bthalmayr Bernhard Thalmayr