Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16257

tokenid is not returned in session upgrade request with ForceAuth=true

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: session
    • Labels:

      Description

      Bug description

      When sessionupgrade is called with ForceAuth=true, upgrade succeeds, but tokenid is not returned

      POST /openam/json/realms/root/authenticate?ForceAuth=true&sessionUpgradeSSOTokenId=C4QUsxbZwsva1LoeHQfEALgi4hE.*AAJTSQACMDEAAlNLABw3dEJ3bitvN0htaWFkU0d3M2FWYUJQazhBdlE9AAR0eXBlAANDVFMAAlMxAAA.*&authIndexType=Module&authIndexValue=LDAP HTTP/1.1
Host: openam.localtest.me:8080
User-Agent: python-requests/2.23.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
X-OpenAM-Username: demo
X-OpenAM-Password: changeit
Content-Type: application/json
Accept-API-Version: resource=2.0, protocol=1.0
Content-Length: 0


HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: amlbcookie=01; Domain=localtest.me; Path=/
Cache-Control: no-cache, no-store, must-revalidate
Content-API-Version: resource=2.1
Expires: 0
Pragma: no-cache
Content-Type: application/json
Content-Length: 57
Date: Wed, 20 May 2020 06:31:53 GMT
Keep-Alive: timeout=20
Connection: keep-alive


{"tokenId":"","successUrl":"/openam/console","realm":"/"}

      How to reproduce the issue

      1. setup AM at http://openam.localtest.me:8080/openam
      2. add policy to allow all authenticated users to access http://agent.localtest.me:80/index.html
      3. add policy to allow all users authenticated to module LDAP to access http://agent.localtest.me:80/sessionupgrade/index.html
      4. run session_upgrade_test_clp.sh
      Expected behaviour
      tokenId is displayed 

{
    "realm": "/",
    "successUrl": "/openam/console",
    "tokenId": "QMPFUIA32fqL8VxpQLIjSVLlJeA.*AAJTSQACMDEAAlNLABxYTEpvRnA4cTJVSzRIS3NiYXR4UU5JMFdpRFU9AAR0eXBlAANDVFMAAlMxAAA.*"
}
      Current behaviour
      tokenId is empty in AM reply

{
    "realm": "/",
    "successUrl": "/openam/console",
    "tokenId": ""
}

      Work around

      Don't use ForceAuth=True

        Attachments

          Issue Links

          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. AMAGENTS-3331 5.7 - WPA - AM Compatibility

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          relates to

          Task - A task that needs to be done. AMAGENTS-3496 Modify testing custom login page to work with well with OPENAM-15606

          • Major - Major loss of function.
          • Closed

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lubomir.mlich Ľubomír Mlích
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: