Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16597

Not possible to upgrade session with LDAP module

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.0
    • 7.0.0
    • None
    • ForgeRock Access Management 7.0.0-M2020-11.1 Build a13aeea51eaeefa61337bbceaf599b7e8d711fb6 (2020-August-04 14:12)
    • Rank:
      1|i01q8v:
    • No
    • No
    • No
    • Yes and I used the same an in the description

      Description

      Bug description

      Not possible to upgrade session with LDAP module

      How to reproduce the issue

      1. Default installation of AM (amadmin / password)
      2. Login as demo user to AM (demo / Ch4ng31t)
      3. Get a SSO token and store it as variable (SSO="......")
      4. Do an upgrade request to AM via LDAP module with SSO token from step 3 (sessionUpgradeSSOTokenId=${SSO})
      http POST "http://riso-ubuntu18.test.forgerock.com:8080/am/json/realms/root/authenticate?ForceAuth=true&sessionUpgradeSSOTokenId=${SSO}&authIndexType=Module&authIndexValue=LDAP" \
      "X-OpenAM-Username: demo" \
      "X-OpenAM-Password: Ch4ng31t" \
      "Accept-API-Version: resource=2.0, protocol=1.0" --verbose
      
      Expected behaviour

      Session is upgraded

      Note: output from AM 6.5.2.2

      HTTP/1.1 200 
      Cache-Control: no-cache, no-store, must-revalidate
      Connection: keep-alive
      Content-API-Version: resource=2.1
      Content-Length: 163
      Content-Type: application/json
      Date: Wed, 05 Aug 2020 10:29:41 GMT
      Expires: 0
      Keep-Alive: timeout=20
      Pragma: no-cache
      Set-Cookie: amlbcookie=01; Domain=riso-ubuntu18.test.forgerock.com; Path=/
      Set-Cookie: iPlanetDirectoryPro=gPh_ESylyma6ZUjYBTJPImXPYx8.*AAJTSQACMDEAAlNLABxucldaUjIzNllHQ1d5dC9VZVRGamc0bUx6ck09AAR0eXBlAANDVFMAAlMxAAA.*; Domain=riso-ubuntu18.test.forgerock.com; Path=/
      X-Frame-Options: SAMEORIGIN
      
      {
          "realm": "/",
          "successUrl": "/am/console",
          "tokenId": "gPh_ESylyma6ZUjYBTJPImXPYx8.*AAJTSQACMDEAAlNLABxucldaUjIzNllHQ1d5dC9VZVRGamc0bUx6ck09AAR0eXBlAANDVFMAAlMxAAA.*"
      }
      
      
      Current behaviour

      Session is not upgraded and AM returns 401

      HTTP/1.1 401 
      Cache-Control: private
      Cache-Control: no-cache, no-store, must-revalidate
      Connection: keep-alive
      Content-API-Version: resource=2.1
      Content-Length: 70
      Content-Type: application/json
      Date: Wed, 05 Aug 2020 10:22:21 GMT
      Expires: 0
      Keep-Alive: timeout=20
      Pragma: no-cache
      Set-Cookie: amlbcookie=01; Path=/; Domain=riso-ubuntu18.test.forgerock.com; HttpOnly
      X-Content-Type-Options: nosniff
      X-Frame-Options: SAMEORIGIN
      
      {
          "code": 401,
          "message": "Authentication Failed",
          "reason": "Unauthorized"
      }
      

       

       

      Note: This case causes 2 agent tests fail: upgradeSessionWithCustomLoginPage & upgradeSessionWithCustomLoginPageAndDifferentSession (https://temper-dashboard.engineering.forgerock.com/openam/master/functional)

        Attachments

          Activity

            People

            phillcunnington Phill Cunnington
            richard.hruza Richard Hruza
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: