  1. OpenAM
  2. OPENAM-16257

tokenid is not returned in session upgrade request with ForceAuth=true

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: session
    • Labels:

      Description

      Bug description

      When session upgrade is called with ForceAuth=true, the upgrade succeeds, but tokenId is not returned.

      POST /openam/json/realms/root/authenticate?ForceAuth=true&sessionUpgradeSSOTokenId=C4QUsxbZwsva1LoeHQfEALgi4hE.*AAJTSQACMDEAAlNLABw3dEJ3bitvN0htaWFkU0d3M2FWYUJQazhBdlE9AAR0eXBlAANDVFMAAlMxAAA.*&authIndexType=Module&authIndexValue=LDAP HTTP/1.1
      Host: openam.localtest.me:8080
      User-Agent: python-requests/2.23.0
      Accept-Encoding: gzip, deflate
      Accept: */*
      Connection: keep-alive
      X-OpenAM-Username: demo
      X-OpenAM-Password: changeit
      Content-Type: application/json
      Accept-API-Version: resource=2.0, protocol=1.0
      Content-Length: 0
      
      
      HTTP/1.1 200 
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
      Set-Cookie: amlbcookie=01; Domain=localtest.me; Path=/
      Cache-Control: no-cache, no-store, must-revalidate
      Content-API-Version: resource=2.1
      Expires: 0
      Pragma: no-cache
      Content-Type: application/json
      Content-Length: 57
      Date: Wed, 20 May 2020 06:31:53 GMT
      Keep-Alive: timeout=20
      Connection: keep-alive
      
      
      {"tokenId":"","successUrl":"/openam/console","realm":"/"}
      

      How to reproduce the issue

      1. Set up AM at http://openam.localtest.me:8080/openam
      2. Add a policy to allow all authenticated users to access http://agent.localtest.me:80/index.html
      3. Add a policy to allow all users authenticated to module LDAP to access http://agent.localtest.me:80/sessionupgrade/index.html
      4. Run session_upgrade_test_clp.sh

      Expected behaviour

      tokenId is displayed
      
      {
          "realm": "/",
          "successUrl": "/openam/console",
          "tokenId": "QMPFUIA32fqL8VxpQLIjSVLlJeA.*AAJTSQACMDEAAlNLABxYTEpvRnA4cTJVSzRIS3NiYXR4UU5JMFdpRFU9AAR0eXBlAANDVFMAAlMxAAA.*"
      }

      Current behaviour

      tokenId is empty in AM reply
      
      {
          "realm": "/",
          "successUrl": "/openam/console",
          "tokenId": ""
      }
      

      Work around

      Don't use ForceAuth=True

              People

              • Assignee: Unassigned
              • Reporter: lubomir.mlich Ľubomír Mlích
              • Votes: 0
              • Watchers: 4
