Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16453

CDSSO : error during redirect to AM login page

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: cdsso
    • Environment:
      OS : Linux
      AM container : Tomcat 9.0.34
      jdk : openjdk 11.0.7
      IGStandalone: 7.0.0-SNAPSHOT 3401ef0756b
      OpenAM: 7.0.0-SNAPSHOT 8301e3d99fe
    • Target Version/s:
    • Rank:
      1|i01gfr:
    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Regression on AM-7.0.0-SNAPSHOT
      Git SHA! : OpenAM: 7.0.0-SNAPSHOT 2b1a765c973 : WORKING OK
      Git SHA! : OpenAM: 7.0.0-SNAPSHOT 8301e3d99fe : DOES NOT WORK PROPERLY - object of this issue

      Since this commit, the following error occurs :

      HTTP Request: GET http://openam.example.com:8086/openam/oauth2/realms/root/realms/filters_realm/authorize?scope=openid&response_type=id_token&realm=/filters_realm&redirect_uri=http://openig.ext.com:8084/home/cdsso/callback&nonce=9346d44f-d26d-476d-8abe-f49b1663cd04-341&client_id=cdsso_ig_agent&response_mode=form_post&service=igChain "HTTP/1.1 302 Found"

      returns this error :

      Error 'invalid_request' during authentication because of 'Invalid request on redirect endpoint'

      Steps to reproduce with pyforge :

      • - git pull PyForge
      • - ./cleanup.py -f
      • - ./configure.py
      • - make sure your /etc/hosts is properly configured for IG functional tests : (cf hosts on docker : https://pyforge.engineering.forgerock.com/docs/getting-started#prepare-docker-on-your-machine)
      • - in config.cfg, update the IG section with WEBCONTAINER_TYPE=standalone
      • - launch the following commands (on Linux/Mac), in the PyForge root directory :
        export PYFORGE_ROOT_DIR=`pwd`; source PyBot/OpenIG/tools/.qa_tools; ppth
      • - launch the tests with the following alias
        rig -s GatewayGuide/CrossDomainSingleSignOn -t When_Not_Authenticated_On_Am_Then_Accessing_Route_Should_Redirect_To_Am -n
        Servers are then available for checks... (NB : test may have been modified, to expect the current error)
      • - ./cleanup.py -f

        Attachments

          Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-15785 OIDC spec violation - HTTP POST can not be used to send Authentication Request

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-16477 AM 7 does not handle properly oauth2/authorize GET request when realm parameter is used

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                jcdevil Jean-Charles Deville
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: