Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-17245

'User Attribute Mapping to Session Attribute' does not work for authentication trees

    XMLWordPrintable

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 6.5.1, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 5.5.2, 7.0.0, 6.5.3, 6.5.4, 7.0.1
    • None
    • Rank:
      1|i03787:

      Description

      Bug description

      Functionality 'User Attribute Mapping to Session Attribute' does not work when configuring trees.

      How to reproduce the issue

      1. Configure 'User Attribute Mapping to Session Attribute' (mail to user.mail as mentioned in https://backstage.forgerock.com/docs/am/6.5/authentication-guide/index.html#authn-core-post-auth)
      2. Perform service-based authentication using 'Example' tree
      Expected behaviour
      Protected SSO session properties should be set in the same way as when using authentication chains
      
      Current behaviour
      Protected SSO session properties are not set
      

      Work around

      Build custom nodes / scripted node that leverages AMIdentityRepository (https://backstage.forgerock.com/docs/am/6.5/apidocs/com/sun/identity/idm/AMIdentityRepository.html) to retrieve AM user identity attributes from identity stores to set them as SSO session properties.

      Backdraw:
      Custom code (script) without configuration, configuration change requires code change
      SSO session properties are not protected

      Sidenote: The feature 'User Attribute Mapping to Session Attribute' is widely used and there is no replacement provided by the product.

        Attachments

          Issue Links

            Activity

              People

              chee-weng.chea C-Weng C
              bthalmayr Bernhard Thalmayr
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated: