OpenAM / OPENAM-3019

HTTPBasic doesn't set correct validatedUserId in Principal


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.5.5, 10.0.0, 10.0.1, 10.1.0-Xpress
    • Fix Version/s: 9.5.6, 10.0.2, 11.0.0, 12.0.0
    • Component/s: None
    • Labels: None

      Description

      1. Set up a datastore that uses uid for searching for users.
      2. Set up an LDAP authentication module that has [a] uid for the "Attribute used to retrieve user profile" and [b] mail for the "Attribute used to search for a User to be Authenticated".
      3. Configure a basic auth module that wraps the above LDAP module.
      4. Set up a chain with just the LDAP module in it (ldapService).
      5. Set up a chain with just the BasicAuth module in it (BasicAuth).

      Log in to the server using Service=ldapService, passing mail as the username. Authentication should be successful.

      Log in to the server using Service=BasicAuth, again passing mail as the username. Authentication will fail because the mail attribute value will be used, and not the value of uid, to search for the user's profile.

      This is because HTTPBasic#getPrincipal will use validatedUserID = userName, which in this case will be the mail attribute value and not the Principal from the backend module (LDAP).
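
      The mismatch described above, as an added, self-contained model that is not OpenAM code and not part of the original report. All class and method names and the directory entry are constructed for illustration; the delegating variant is one way to avoid the mismatch, not necessarily the fix that was shipped.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Constructed model of the identity mismatch; none of these types are OpenAM classes.
public class WrappedPrincipalDemo {
    // Constructed directory entry: uid is the profile key, mail is the login alias.
    static final List<Map<String, String>> DIRECTORY = List.of(
            Map.of("uid", "jdoe", "mail", "jdoe@example.com", "password", "s3cret"));

    // Data store lookup: searches on uid only (step 1 of the report).
    static Optional<Map<String, String>> findProfile(String principal) {
        return DIRECTORY.stream().filter(e -> e.get("uid").equals(principal)).findFirst();
    }

    // Backend module: searches on mail, returns uid as the principal (step 2).
    static Optional<String> backendAuthenticate(String userName, String password) {
        return DIRECTORY.stream()
                .filter(e -> e.get("mail").equals(userName) && e.get("password").equals(password))
                .map(e -> e.get("uid"))
                .findFirst();
    }

    // Wrapper as described in the report: reports the typed user name as the principal.
    static Optional<String> wrapperPrincipalFromUserName(String userName, String password) {
        return backendAuthenticate(userName, password).map(backendPrincipal -> userName);
    }

    // Wrapper that hands back the principal the backend module resolved.
    static Optional<String> wrapperPrincipalFromBackend(String userName, String password) {
        return backendAuthenticate(userName, password);
    }

    public static void main(String[] args) {
        String login = "jdoe@example.com";
        for (boolean delegate : new boolean[] {false, true}) {
            Optional<String> principal = delegate
                    ? wrapperPrincipalFromBackend(login, "s3cret")
                    : wrapperPrincipalFromUserName(login, "s3cret");
            // Credentials verify in both cases; only the profile lookup differs.
            System.out.printf("delegate=%b principal=%s profileFound=%b%n", delegate,
                    principal.orElse("<none>"),
                    principal.flatMap(WrappedPrincipalDemo::findProfile).isPresent());
        }
    }
}
```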


            People

            Assignee:
            sachiko Sachiko Wallace
            Reporter:
            sachiko Sachiko Wallace