  1. OpenAM
  2. OPENAM-16473

Unable to authenticate after UpdatePassword flow


      Description

      Bug description

      When going through the UpdatePassword flow in forgeops (see this PR: https://stash.forgerock.org/projects/CLOUD/repos/forgeops/pull-requests/2902/overview),
      I am unable to authenticate after updating the password.

      How to reproduce the issue

      1. Check out the forgeops branch
      2. Update AM dockerfile for Debugging
        1. Uncomment AM debug flags
      3. Once forgeops is started, create a user in IDM
      4. I've been using Postman, but call the "Login" tree to get an active session
      5. Now call the "UpdatePassword" tree
        1. Should be required to first enter existing password (which is then verified by the data decision node)
        2. Next enter a new password
      6. The tree then throws a 401 Unauthorized with the stacktrace below

      Expected behaviour

      The user remains logged in after updating their password

      Current behaviour

      {
          "code": 401,
          "reason": "Unauthorized",
          "message": "Login failure",
          "detail": {
              "failureUrl": ""
          }
      }
      
      See stacktrace below

       

      Workaround

      none

      Code analysis

      The code seems to be failing in this method due to the IDs not matching at the Object.equals call within SuccessProcessTreeResult.java.

      The stacktrace is as follows:

      org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Login failure\n\tat org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.authFailureException(FailureProcessTreeResult.java:100)\n\tat org.forgerock.openam.core.rest.authn.trees.SuccessProcessTreeResult.process(SuccessProcessTreeResult.java:135)\n\tat org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:293)\n\tat org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:263)\n\tat org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:228)\n\tat org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:157)\n\tat jdk.internal.reflect.GeneratedMethodAccessor115.invoke(Unknown Source)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\n\tat org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:81)\n\tat org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:77)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.rest.DisableCachingFilter.filter(DisableCachingFilter.java:90)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.cors.CorsFilter.filter(CorsFilter.java:83)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:85)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat 
org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:123)\n\tat org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:180)\n\tat org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:100)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:104)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:263)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:85)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)\n\tat org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)\n\tat 
org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:119)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ResponseContext$ResponseContextFilter.filter(ResponseContext.java:53)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$static$1(OpenAMHttpApplication.java:60)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$cacheHeaderFilter$3(OpenAMHttpApplication.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:261)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)\n\tat org.forgerock.openam.http.OpenAMHttpFrameworkServlet.service(OpenAMHttpFrameworkServlet.java:47)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)\n\tat org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:66)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:62)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:105)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.forgerock.openam.validation.R
      

              People

              • Assignee:
                phillcunnington Phill Cunnington
                Reporter:
                krismy.alfaro Krismy Alfaro