OpenAM / OPENAM-2689

OAuth2 Client module does not work when used with SAML

    Details

    • Sprint:
      Sprint 34, Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39

      Description

      Since OPENAM-1858, "AMAuthCookie=" is appended to the login URL, so it always initiates a new authentication session. Unfortunately the OAuth2 module saves this as ORIG_URL, and this will cause some real problems after successful authentication at the OAuth2 Provider. When it redirects back to the ORIG_URL, AMAuthCookie will still be there and that will result in creating a new auth session and new module instance. This will result in some unexpected failures, since proxyURL won't be correctly initialized.

      Steps to reproduce:

      • Set up OAuth2 client module with Facebook or Google
      • Make this OpenAM instance a SAML IdP
      • Create a SAML SP instance as well
      • Try to do SP initiated SSO

      Expected:
      User gets authenticated, and a SAML Assertion is sent back to the SP

      Actual:
      User sees an Authentication Failed screen.
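
      The failure described above depends on the AMAuthCookie parameter surviving into the saved return URL. As an added illustration (not OpenAM code and not the fix applied for this issue), the following Java example removes that parameter from a URL before it would be stored as the return target; the class name, method name, and the sample host, path and "next" parameter are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class ReturnUrlSanitizer {
    // Parameter named in the issue description.
    private static final String RESET_PARAM = "AMAuthCookie";

    /** Drops every AMAuthCookie query parameter; all other parts keep their raw encoding. */
    static String stripResetParam(String url) throws URISyntaxException {
        URI uri = new URI(url);
        String rawQuery = uri.getRawQuery();
        if (rawQuery == null) {
            return url; // no query string, nothing to strip
        }
        List<String> kept = new ArrayList<>();
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String rawName = eq >= 0 ? pair.substring(0, eq) : pair;
            // Decode the name so a percent-encoded spelling is caught as well.
            String name = URLDecoder.decode(rawName, StandardCharsets.UTF_8);
            if (!pair.isEmpty() && !RESET_PARAM.equals(name)) {
                kept.add(pair);
            }
        }
        StringBuilder out = new StringBuilder();
        if (uri.getScheme() != null) out.append(uri.getScheme()).append(':');
        if (uri.getRawAuthority() != null) out.append("//").append(uri.getRawAuthority());
        if (uri.getRawPath() != null) out.append(uri.getRawPath());
        if (!kept.isEmpty()) out.append('?').append(String.join("&", kept));
        if (uri.getRawFragment() != null) out.append('#').append(uri.getRawFragment());
        return out.toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URL (hypothetical host, path and "next" parameter).
        String login = "https://idp.example.com/login"
                + "?next=https%3A%2F%2Fsp.example.com%2Facs&AMAuthCookie=";
        String saved = stripResetParam(login);
        System.out.println(saved);
        if (saved.contains(RESET_PARAM)) throw new AssertionError("parameter survived");
    }
}
```

      The nested return URL in "next" stays percent-encoded because only raw components are reassembled; `URLDecoder.decode(String, Charset)` requires Java 10 or later.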

              People

              Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              peter.major Peter Major [X] (Inactive)
              QA Assignee:
              Garyl Erickson Garyl Erickson