-
Type:
Bug
-
Status: Resolved
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 7.0.0
-
Fix Version/s: 7.0.0
-
Component/s: cdsso
-
Environment:OS : Linux
AM container : Tomcat 9.0.34
jdk : openjdk 11.0.7
IGStandalone: 7.0.0-SNAPSHOT 3401ef0756b
OpenAM: 7.0.0-SNAPSHOT 8301e3d99fe
-
Target Version/s:
-
Rank:1|i01gfr:
-
Needs backport:No
-
Needs QA verification:Yes
-
Functional tests:No
-
Are the reproduction steps defined?:Yes and I used the same an in the description
Regression on AM-7.0.0-SNAPSHOT
Git SHA! : OpenAM: 7.0.0-SNAPSHOT 2b1a765c973 : WORKING OK
Git SHA! : OpenAM: 7.0.0-SNAPSHOT 8301e3d99fe : DOES NOT WORK PROPERLY - object of this issue
Since this commit, the following error occurs :
HTTP Request: GET http://openam.example.com:8086/openam/oauth2/realms/root/realms/filters_realm/authorize?scope=openid&response_type=id_token&realm=/filters_realm&redirect_uri=http://openig.ext.com:8084/home/cdsso/callback&nonce=9346d44f-d26d-476d-8abe-f49b1663cd04-341&client_id=cdsso_ig_agent&response_mode=form_post&service=igChain "HTTP/1.1 302 Found"
returns this error :
Error 'invalid_request' during authentication because of 'Invalid request on redirect endpoint'
Steps to reproduce with pyforge :
- - git pull PyForge
- - ./cleanup.py -f
- - ./configure.py
- - make sure your /etc/hosts is properly configured for IG functional tests : (cf hosts on docker : https://pyforge.engineering.forgerock.com/docs/getting-started#prepare-docker-on-your-machine)
- - in config.cfg, update the IG section with WEBCONTAINER_TYPE=standalone
- - launch the following commands (on Linux/Mac), in the PyForge root directory :
export PYFORGE_ROOT_DIR=`pwd`; source PyBot/OpenIG/tools/.qa_tools; ppth - - launch the tests with the following alias
rig -s GatewayGuide/CrossDomainSingleSignOn -t When_Not_Authenticated_On_Am_Then_Accessing_Route_Should_Redirect_To_Am -n
Servers are then available for checks... (NB : test may have been modified, to expect the current error) - - ./cleanup.py -f
- is caused by
-
OPENAM-15785 OIDC spec violation - HTTP POST can not be used to send Authentication Request
-
- Resolved
-
- is duplicated by
-
OPENAM-16477 AM 7 does not handle properly oauth2/authorize GET request when realm parameter is used
-
- Closed
-