OPENAM-16707

Error in the documentation "Web Site Protected With OAuth 2.0"

      Description

      Tested with AM 6.5.2.3

      How to reproduce the issue

      Follow the documentation in

      2.3.1. Web Site Protected With OAuth 2.0

      #1.

      Step 7, see below:

      Before you try it out, on the AM server configured to act as an OAuth 2.0 client, you must make the following additional change to the configuration.
      Your AM OAuth 2.0 client authentication module is not part of the default chain, and therefore AM does not call it unless you specifically request the OAuth 2.0 client authentication module.
      To cause the Java agent to request your OAuth 2.0 client authentication module explicitly, navigate to your agent profile configuration, in this case Realms > Top Level Realm > Applications > Agents > Java > Agent Name > AM Services > AM Login URL, and add http://client.example.com:8080/openam/XUI/?realm=/&module=OAuth2#login, moving it to the top of the list.

      Remove #login from the URL in step 7:

      http://client.example.com:8080/openam/XUI/?realm=/&module=OAuth2

      #2.

      Set Subject Property: cn (instead of sub, which is the default).

      If not, you will get this error:

      javax.security.auth.login.LoginException: org.forgerock.json.JsonValueException: /sub: Expecting a value
      at org.forgerock.json.JsonValue.required(JsonValue.java:1211)
      at org.forgerock.oauth.clients.oauth2.OAuth2UserInfo.<init>(OAuth2UserInfo.java:32)
      at org.forgerock.oauth.clients.oauth2.OAuth2Client.lambda$mapToUserInfo$1(OAuth2Client.java:163)

      #3.

      Account Mapper: org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper

      Attribute Mapper: org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper

      Otherwise, you will get these errors:

       ERROR: OAuth.getUser: Problem when trying to get the Attribute Mapper
      java.lang.ClassNotFoundException: org.forgerock.openam.authentication.modules.oauth2.DefaultAttributeMapper
              at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1352)
              at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1180)
              at java.lang.Class.forName0(Native Method)
              at java.lang.Class.forName(Class.java:264)
              at org.forgerock.openam.authentication.modules.oauth2.OAuthUtil.getConfiguredType(OAuthUtil.java:366)
              at org.forgerock.openam.authentication.modules.oauth2.OAuthUtil.getAttributesMap(OAuthUtil.java:311)

      Exception:
      com.sun.identity.authentication.spi.AuthLoginException: Problem when trying to instantiate org.forgerock.openam.authentication.modules.oauth2.DefaultAccountMapper
      org.forgerock.openam.authentication.modules.oauth2.DefaultAccountMapper
              at org.forgerock.openam.authentication.modules.oauth2.OAuthUtil.instantiateByClass(OAuthUtil.java:353)
              at org.forgerock.openam.authentication.modules.oauth2.OAuthUtil.instantiateAccountMapper(OAuthUtil.java:332)
              at org.forgerock.openam.authentication.modules.social.ProfileNormalizer.getAccountMapper(ProfileNormalizer.java:58)
      
      < truncated >
      
      Caused by: java.lang.ClassNotFoundException: org.forgerock.openam.authentication.modules.oauth2.DefaultAccountMapper
              at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1352)
              at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1180)
              at java.lang.Class.forName0(Native Method)
              at java.lang.Class.forName(Class.java:264)

            People

            cristina.herraz Cristina Herraz [X] (Inactive)
            sam.phua Sam Phua