OpenAM / OPENAM-171

"Authentication by Module Chain" fails when used in a sub-realm

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Express8, Snapshot9, Snapshot9.5
    • 9.5.5, 10.0.0-EA
    • authentication
    • OpenSSO Enterprise 8.0 Update 1 Patch3 Build 6.1(2010-February-8 08:04)

      Description

      This error occurs under the following conditions:

      • Policies protecting a URL are located in a realm (not root realm)
      • One of the policies is using the "Authentication by Module Chain" condition (or other condition which causes a session upgrade)
      • The authentication chain specified in the condition is contained within the realm
      • An authentication chain with the same name does not exist in the root realm

      When accessing the protected resource, the user is directed to log in again. After entering valid credentials, an error is displayed: "Login Failed Session Activation Failed".

      The error is caused by a bug in LoginState.java. During the session upgrade, the code refers to "orgName". It should be calling the method "getOrgName()" which first checks to see if the orgName is null and then sets the orgName variable correctly.

      A workaround for this error is to add a copy of the authentication chain to the root realm. The reason this works is because the orgName mentioned previously is always null, indicating the root realm.

            People

            steve Steve Ferris
            rmeakins rmeakins
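
The failure mode described in this issue (a session-upgrade path reading the lazily set orgName field directly instead of calling getOrgName()) as a simplified Java model. This is an added example, not OpenAM source code; the class, realm and chain names are hypothetical and the sample data is constructed.

```java
import java.util.Map;
import java.util.Set;

// Simplified, hypothetical model of the reported bug; not OpenAM source code.
public class OrgNameLazyInitDemo {
    // Constructed sample data: realm -> authentication chains defined in it.
    static final Map<String, Set<String>> CHAINS = Map.of(
        "/", Set.of("copiedChain"),
        "/partners", Set.of("strongChain", "copiedChain"));

    static class LoginStateModel {
        private final String requestedRealm; // realm named in the login request
        private String orgName;              // stays null until getOrgName() runs

        LoginStateModel(String requestedRealm) { this.requestedRealm = requestedRealm; }

        // Accessor: checks for null and sets the field before returning it.
        String getOrgName() {
            if (orgName == null) {
                orgName = requestedRealm;
            }
            return orgName;
        }

        // Buggy path: reads the field directly, so it is still null here.
        boolean upgradeBuggy(String chain) { return chainExists(orgName, chain); }

        // Fixed path: resolves the realm through the accessor.
        boolean upgradeFixed(String chain) { return chainExists(getOrgName(), chain); }
    }

    // A null realm is treated as the root realm, as the report describes.
    static boolean chainExists(String realm, String chain) {
        String effective = (realm == null) ? "/" : realm;
        return CHAINS.getOrDefault(effective, Set.of()).contains(chain);
    }

    public static void main(String[] args) {
        // Chain exists only in the sub-realm: the buggy path looks in "/" and fails.
        System.out.println("buggy, sub-realm-only chain: "
            + new LoginStateModel("/partners").upgradeBuggy("strongChain"));
        System.out.println("fixed, sub-realm-only chain: "
            + new LoginStateModel("/partners").upgradeFixed("strongChain"));
        // Workaround: a same-named chain in "/" satisfies the root-realm lookup.
        System.out.println("buggy, chain copied to root: "
            + new LoginStateModel("/partners").upgradeBuggy("copiedChain"));
    }
}
```

In this model the workaround succeeds only because the lookup is answered by the root realm's copy of the chain, so the two copies have to be kept identical until the fix is deployed.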