OpenAM / OPENAM-5153

Auth modules should call setAuthLevel after successful login

    Details

    • Sprint:
      AM Sustaining Sprint 35, AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39, AM Sustaining Sprint 40
    • Story Points:
      5

      Description

      OpenAM auth modules seem to call setAuthLevel() inconsistently.

      There are mainly 3 types of auth modules:
      (1) Modules that set the authentication level when they are called.
      (2) Modules that set the authentication level when the module succeeds in authentication.
      (3) Modules that do not seem to set the authentication level.

      Examples of (1) are DataStorage and Adaptive Risk.
      An example of (2) is Anonymous.
      An example of (3) is Device Print.

      Because of OPENAM-5152, LoginState miscalculates the auth level. That is, if you have an auth chain like the one below:

      DataStore: Requisite (authlevel=2)
      Adaptive Auth : Sufficient (authlevel=6)
      DevicePrint : Sufficient (authlevel=4)

      Adaptive Auth will call setAuthLevel() during init(), so LoginState will hold moduleAuthLevel=6 even when it fails. Then, if the successful module list was

      {DataStore, DevicePrint}

      it will only hold authlevel=2 because of OPENAM-5152, and authLevel will be smaller than moduleAuthLevel, so the auth process will miscalculate the auth level.

      Each auth module should have a consistent way of calling setAuthLevel() so as to prevent miscalculation of the auth level.
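The chain from the description, reduced to a small model (an added example, not OpenAM source code and not part of the original report). The `State`, `Module` and `SetsLevel` types, the overwrite behaviour of the stand-in `setAuthLevel()`, and the `highestSuccessful` reference value are assumptions of this model. The module outcomes are constructed to match the reported scenario.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the chain in this report; not OpenAM source (Java 16+).
public class AuthLevelDemo {
    enum SetsLevel { ON_INIT, ON_SUCCESS, NEVER }   // types (1), (2), (3)

    // Configured level, when the module calls setAuthLevel(), constructed outcome.
    record Module(String name, int level, SetsLevel when, boolean succeeds) {}

    // Stand-in for the login state that modules write their level into.
    static class State {
        int moduleAuthLevel = 0;                 // last value given to setAuthLevel()
        int highestSuccessful = 0;               // reference: best level actually earned
        final List<String> succeeded = new ArrayList<>();
        void setAuthLevel(int level) { moduleAuthLevel = level; }
    }

    // Chain flags (Requisite/Sufficient) are omitted: in this scenario every module runs.
    static State run(List<Module> chain) {
        State s = new State();
        for (Module m : chain) {
            if (m.when() == SetsLevel.ON_INIT) s.setAuthLevel(m.level());
            if (!m.succeeds()) continue;         // a failed module earns nothing
            if (m.when() == SetsLevel.ON_SUCCESS) s.setAuthLevel(m.level());
            s.succeeded.add(m.name());
            s.highestSuccessful = Math.max(s.highestSuccessful, m.level());
        }
        return s;
    }

    static void report(String label, State s) {
        System.out.printf("%s: succeeded=%s moduleAuthLevel=%d highestSuccessful=%d stale=%b%n",
                label, s.succeeded, s.moduleAuthLevel, s.highestSuccessful,
                s.moduleAuthLevel > s.highestSuccessful);
    }

    public static void main(String[] args) {
        // As reported: DataStore and Adaptive set on init, DevicePrint never sets.
        report("inconsistent", run(List.of(
                new Module("DataStore", 2, SetsLevel.ON_INIT, true),
                new Module("Adaptive", 6, SetsLevel.ON_INIT, false),
                new Module("DevicePrint", 4, SetsLevel.NEVER, true))));
        // Same chain and outcomes, every module setting its level only after success.
        report("consistent", run(List.of(
                new Module("DataStore", 2, SetsLevel.ON_SUCCESS, true),
                new Module("Adaptive", 6, SetsLevel.ON_SUCCESS, false),
                new Module("DevicePrint", 4, SetsLevel.ON_SUCCESS, true))));
    }
}
```

In the first run the recorded level comes from a module that failed, so a policy keyed on auth level would see a value no successful module earned; the second run records only levels backed by a successful login.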

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace