  1. OpenAM
  2. OPENAM-17160

Changing to CTS_GRANT_SET and using a cookie acquired whilst using CTS_ONE_TO_ONE causes timeouts


    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.5.2.3, 6.5.3
    • None
    • oauth2
    • None
    • 5

      Description

      Bug description

      Changing to CTS_GRANT_SET and using a cookie acquired whilst using CTS_ONE_TO_ONE causes timeouts. AM will wait for the entire CTS timeout (org.forgerock.services.cts.async.queue.timeout) which is 120 seconds by default.

      How to reproduce the issue

      1. Configure OAuth2 Provider and Client
      2. Authenticate as demo
      3. Call authorize endpoint, provide consent and get authorization code
      4. Change grant set to CTS_GRANT_SET
      5. Using the same cookie, call authorize endpoint again and provide consent

      Expected behaviour

      New authorization code provided or AM should fail faster/gracefully

      Current behaviour

      Browser fails with:
      Failed to read GrantSet from store:
      Client ID: myOAuth2Client
      Resource Owner: demo&error=server_error
      
      Logs show:
      ERROR: StatefulGrantSetTokenStore::Unable to query CTS for existing grant set: {}
      org.forgerock.openam.cts.exceptions.QueryFailedException: 
      CTS: Query operation Failed:
      Error: 
      CTS: Timed out whilst waiting for result

      Work around

      Get a new cookie.
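
An added example, not part of the original report or of the OpenAM code base: a small Python log check that separates grant-set query failures caused by the CTS timeout described above from query failures with another cause. The sample log is constructed from the excerpt in this report; the record-start rule and all function names are assumptions.

```python
import re

# Signature strings copied from the log excerpt in this report.
GRANT_SET_ERROR = "StatefulGrantSetTokenStore::Unable to query CTS for existing grant set"
CTS_TIMEOUT = "CTS: Timed out whilst waiting for result"
# Assumption: a record starts with an upper-case level keyword, as in the excerpt.
# Case-sensitive on purpose, so the continuation line "Error:" is not a new record.
RECORD_START = re.compile(r"^(ERROR|WARNING|INFO|MESSAGE):")
DEFAULT_CTS_TIMEOUT_S = 120  # default of org.forgerock.services.cts.async.queue.timeout

def split_records(lines):
    """Group each level-prefixed line with the continuation lines that follow it."""
    record = []
    for line in lines:
        line = line.rstrip()
        if RECORD_START.match(line) and record:
            yield record
            record = []
        if line or record:
            record.append(line)
    if record:
        yield record

def find_grant_set_timeouts(lines):
    """Return the records where the grant-set query failed on a CTS timeout."""
    return [r for r in split_records(lines)
            if GRANT_SET_ERROR in r[0] and any(CTS_TIMEOUT in l for l in r[1:])]

def blocked_seconds(hits, timeout_s=DEFAULT_CTS_TIMEOUT_S):
    """Estimated request time spent waiting, one full timeout per hit."""
    return len(hits) * timeout_s

# Constructed sample: the first ERROR record mirrors the report, the second is a
# made-up query failure with a different cause and must not be flagged.
SAMPLE_LOG = """\
INFO: constructed unrelated line
ERROR: StatefulGrantSetTokenStore::Unable to query CTS for existing grant set: {}
org.forgerock.openam.cts.exceptions.QueryFailedException:
CTS: Query operation Failed:
Error:
CTS: Timed out whilst waiting for result
ERROR: StatefulGrantSetTokenStore::Unable to query CTS for existing grant set: {}
org.forgerock.openam.cts.exceptions.QueryFailedException:
CTS: Query operation Failed:
Error:
constructed different cause
""".splitlines()

if __name__ == "__main__":
    hits = find_grant_set_timeouts(SAMPLE_LOG)
    print(len(hits), "timeout record(s), up to", blocked_seconds(hits), "s waited")
```

Pass `timeout_s` explicitly when org.forgerock.services.cts.async.queue.timeout has been changed from its default.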

            People

            Assignee: Unassigned
            Reporter: Aaron Haskins (aaron.haskins)