OPENAM-18120

Audit logging service does not correctly reflect the "prompt" URL parameter


    Details

    • AM Sustaining Sprint 87, AM Sustaining Sprint 88

      Description

      Bug description

      When prompt=login is included as a URL parameter (for example during the OAuth2 Authorization Code flow), the audit logging service records an empty string as the parameter's value instead of "login". The logging service works as expected for prompt=none and prompt=consent.

      How to reproduce the issue

      1. Configure Global Audit Logging and add whitelist /access/http/request/queryParameters
      2. Apply the configuration assumed by the "To Obtain an Authorization Code Using a Browser" procedure in the OAuth2 documentation
      3. Call https://am.example.com:8443/openam/oauth2/realms/root/authorize?client_id=myClient&response_type=code&scope=write&state=abc123&redirect_uri=https://www.example.com:443/callback&prompt=login
      4. Check access.audit.json:
      {
        "http": {
          "request": {
            "queryParameters": {
            . . .
              "prompt": [
                ""
              ]
            },
            . . .
      }
      5. Call https://am.example.com:8443/openam/oauth2/realms/root/authorize?client_id=myClient&response_type=code&scope=write&state=abc123&redirect_uri=https://www.example.com:443/callback&prompt=consent
      6. Check access.audit.json:
      {
        "http": {
          "request": {
            "queryParameters": {
            . . .
              "prompt": [
                "consent"
              ]
            },
            . . .
      }
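      As an added example (not code from this issue or from OpenAM), the following Python check compares the query parameters of the URL that was called with what the corresponding access audit event recorded, so that an empty logged value such as the prompt case above is flagged rather than silently accepted. The sample URL and the two audit events are constructed from this report and contain only the fields the check reads.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample data modelled on the issue: the authorize URL that was
# called and the access.audit.json event AM wrote for it (trimmed to the
# fields used here). The first pair mirrors the bug, the second works.
AUTHZ = "https://am.example.com:8443/openam/oauth2/realms/root/authorize"
QUERY = ("client_id=myClient&response_type=code&scope=write&state=abc123"
         "&redirect_uri=https://www.example.com:443/callback&prompt=")
SAMPLES = [
    (AUTHZ + "?" + QUERY + "login",
     '{"http":{"request":{"queryParameters":{"client_id":["myClient"],'
     '"prompt":[""]}}}}'),
    (AUTHZ + "?" + QUERY + "consent",
     '{"http":{"request":{"queryParameters":{"client_id":["myClient"],'
     '"prompt":["consent"]}}}}'),
]


def audit_query_params(event_json):
    """Return the http.request.queryParameters map of one audit event ({} if absent)."""
    event = json.loads(event_json)
    return event.get("http", {}).get("request", {}).get("queryParameters", {})


def find_mismatches(url, event_json, params=("prompt",)):
    """Compare the named query parameters of the called URL with the values the
    audit event logged. Returns {name: (sent, logged)} for every mismatch; a
    logged "" where the URL carried a value is exactly the symptom in this issue."""
    sent = parse_qs(urlsplit(url).query, keep_blank_values=True)
    logged = audit_query_params(event_json)
    mismatches = {}
    for name in params:
        sent_vals = sent.get(name, [])
        logged_vals = logged.get(name, [])
        if sent_vals != logged_vals:
            mismatches[name] = (sent_vals, logged_vals)
    return mismatches


def check_samples(samples=SAMPLES):
    """Run the check over (url, event) pairs; return [(prompt value sent, mismatches)]."""
    return [(parse_qs(urlsplit(u).query).get("prompt", [None])[0],
             find_mismatches(u, e)) for u, e in samples]


if __name__ == "__main__":
    for prompt, bad in check_samples():
        print(f"prompt={prompt}: " + ("OK" if not bad else f"MISMATCH {bad}"))
```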
      

              People

              flynn.bastin Flynn Bastin
              sergio.bettiol Sergio Bettiol