  1. OpenAM
  2. OPENAM-3335

REST authentication inconsistency with ZPL

    Details

    • Sprint:
      Sprint 48

      Description

      Configure the following chain:
      PersistentCookie SUFFICIENT
      DataStore REQUIRED

      Make this chain the default org chain in the realm.

      Now if you try to perform ZPL:

      curl -v -d "" -H "X-OpenAM-Username:demo" -H "X-OpenAM-Password:changeit" -H "Content-Type: application/json" http://openam.example.com:8080/openam/json/authenticate
      

      You'll get back a token ID and a session-jwt cookie in the response.

      If you then do a semi-zero page login using the POST payload:

      curl -v -d '{ "template": "", "stage": "DataStore1", "callbacks": [ { "type": "NameCallback", "output": [ { "name": "prompt", "value": " User Name: " } ], "input": [ { "name": "IDToken1", "value": "demo" } ] }, { "type": "PasswordCallback", "output": [ { "name": "prompt", "value": " Password: " } ], "input": [ { "name": "IDToken2", "value": "changeit" } ] } ] }' -H "Content-Type: application/json" http://openam.example.com:8080/openam/json/authenticate
      

      then you get back the same set of callbacks with an authId and no session-jwt cookie. Submitting the POST with the received authId will result in a successful authn with session-jwt cookie; however, I'm not sure why these two authentication methods differ.
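
The two-step exchange described in the report, as an added Python example (not part of the original issue and not OpenAM's own code): it takes the callback reply, fills in the inputs, and keeps the authId for the second POST. The sample reply and its authId value are constructed, the function names are hypothetical, and the `tokenId` field name for a successful reply is an assumption.

```python
import copy
import json

# Constructed sample of the server's reply to the semi-zero-page POST: the
# same callbacks plus an authId (placeholder value, not a real token).
SAMPLE_CHALLENGE = json.loads("""
{ "authId": "AUTHID-PLACEHOLDER", "template": "", "stage": "DataStore1",
  "callbacks": [
    { "type": "NameCallback",
      "output": [ { "name": "prompt", "value": " User Name: " } ],
      "input":  [ { "name": "IDToken1", "value": "" } ] },
    { "type": "PasswordCallback",
      "output": [ { "name": "prompt", "value": " Password: " } ],
      "input":  [ { "name": "IDToken2", "value": "" } ] } ] }
""")


def classify(response):
    """Return 'success' for a token reply, 'challenge' for callbacks + authId."""
    if "tokenId" in response:  # assumed field name for the token ID
        return "success"
    if "authId" in response and "callbacks" in response:
        return "challenge"
    raise ValueError("unrecognised /json/authenticate response")


def answer_challenge(challenge, answers):
    """Build the follow-up POST body: same structure, inputs filled, authId kept."""
    if classify(challenge) != "challenge":
        raise ValueError("not a callback challenge")
    body = copy.deepcopy(challenge)  # leave the caller's copy untouched
    for callback in body["callbacks"]:
        for field in callback["input"]:
            if field["name"] not in answers:
                raise KeyError("no answer for " + field["name"])
            field["value"] = answers[field["name"]]
    return body


if __name__ == "__main__":
    creds = {"IDToken1": "demo", "IDToken2": "changeit"}
    print(json.dumps(answer_challenge(SAMPLE_CHALLENGE, creds), indent=2))
```

The printed body is what would be sent as the `-d` payload of the second POST to `/json/authenticate`.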

            People

            • Assignee:
              phillcunnington Phill Cunnington
              Reporter:
              peter.major Peter Major