Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16622

Authentication using authIndexType=user has inconsistent behavior

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: trees
    • Labels:
      None
    • Rank:
      1|i01rdj:
    • Support Ticket IDs:

      Description

      Bug description

      The authentication parameter user (described here: https://ea.forgerock.com/docs/am/authentication-guide/authn-from-browser.html#authn-from-browser-parameters) seems to be broken. This has been tested directly through the /authentication endpoint which seems to rule out a UI issue. First, when an auth tree is configured as the 'User Authentication Configuration' for an identity, the corresponding post to the authenticate endpoint (https://default.iam.example.com/am/json/realms/root/authenticate?realm=%2F&authIndexType=user&authIndexValue=user.0) returns that there was no configuration found. If a chain is set, the endpoint will return that chain and ONLY that chain no matter what the configuration is changed to for subsequent attempts. Even changing to another chain only results in the first configured chain being returned. I also tested this in standalone 7.0 am and found the behavior to be identical to platform.

      How to reproduce the issue

      1. Create a user. (I used user.0 as username)
      2. In AM: Top Level Realm -> identities -> user created in step 1
      3. Set the value for User Authentication Configuration to a tree (I used Login for my testing in platform)
      4. Navigate to https://default.iam.example.com/am/XUI/?realm=/&user=user.0
      5. go back to the user in am and change the User Authentication Configuration to amsterService
      6. Navigate to https://default.iam.example.com/am/XUI/?realm=/&user=user.0
      7. go back to the user in am and change the User Authentication Configuration to ldapService
      8. Navigate to https://default.iam.example.com/am/XUI/?realm=/&user=user.0
      Expected behaviour

      Be presented with Login tree for step 4, amsterService for step 6, and ldapService for step 8.

      Current behaviour

      No configuration found in step 4, amsterService for step 6 (this is correct), and amsterService in step 8.

      Work around

      none

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            michael.wong Michael Wong
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: