Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16441

getIdentity returns Null in OTP sender Node when using Rest

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.5.2.3
    • None
    • trees
    • AM 6.5.2.3
    • Rank:
      1|i01fjj:

    Description

      Bug description

      When trying to use Rest to authentication against a tree the 

      OneTimePasswordSmtpSenderNode  can fail to find the identity of the user resulting in this stack

       

      amAuth:06/23/2020 04:18:59:344 PM GMT: Thread[https-jsse-nio-8443-exec-159,5,main]: TransactionId[2a9445dc-0560-4890-b865-ed4138302e56-324481]
      OneTimePasswordSmtpSenderNode started
      amAuth:06/23/2020 04:18:59:346 PM GMT: Thread[https-jsse-nio-8443-exec-159,5,main]: TransactionId[2a9445dc-0560-4890-b865-ed4138302e56-324481]
      ERROR: Node processing failed
      java.util.NoSuchElementException
       at java.util.HashMap$HashIterator.nextNode(HashMap.java:1447)
       at java.util.HashMap$KeyIterator.next(HashMap.java:1469)
       at org.forgerock.openam.auth.nodes.IdentityProvider.getIdentity(IdentityProvider.java:59)
       at org.forgerock.openam.auth.nodes.OneTimePasswordSmtpSenderNode.getAmIdentity(OneTimePasswordSmtpSenderNode.java:143)
       at

      How to reproduce the issue

      1. Create a simple OTP Tree
      2. Try to authenicate using rest such as:
        curl --request POST --header "X-OpenAM-Username: test" --header "X-OpenAM-Password: cangetin " --header 'Accept-API-Version: resource=2.0, protocol=1.0' 'http://openam65.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=AD'
      3. This will fail
      4. This tree will work in a browser, what is odd is it will also now work for later rest calls.
      Expected behaviour
      You should be able to use rest successfully in both cases
      Current behaviour
      Rest will fail the first time, but if you use browser, then use rest, rest will work. 

      Work around

      None

      Code analysis

      codeorg/forgerock/openam/auth/nodes/IdentityProvider.java
      It does seems to fail on the following source  
      (highlighted in bold):
      IdSearchResults idSearchResults = idrepo.searchIdentities(IdType.USER,
              new CrestQuery(username), idSearchControl);
      return (AMIdentity) idSearchResults.getSearchResults().iterator().next();...
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            william.hepler William Hepler
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: