[OPENAM-5541] Resource based auth doesn't work in sub realm - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 11.0.1, 11.0.2, 12.0.0
Fix Version/s: 11.0.4, 12.0.3
Component/s: authentication, policy
Labels:
- EDISON
- release-notes

Support Ticket IDs:

Description

You will need to disable XUI because of ~~OPENAM-3135~~

To reproduce:

Install OpenAM
If you are on 12.0.0, disable XUI (Configuration > Authentication > Core > XUI interface > uncheck box)
create subrealm
Install agent under subrealm
Configure OpenAM Login URL for the agent: http://openam.example.com:8080/openam/UI/Login?resource=true&realm=testrealm01
Create a policy with ConditionToService set to a chain that is not the default for the realm

When accessing the protected resource, you will get "An internal authentication error has occurred." error.

amLoginViewBean:02/13/2015 08:45:17:705 AM NZDT: Thread[http-18080-1,5,main]
getLoginDisplay exception:
java.lang.NullPointerException
        at com.sun.identity.entitlement.ReferralPrivilege.evaluate(ReferralPrivilege.java:489)
        at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:423)
        at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
        at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:248)
        at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:216)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecisionE(PolicyEvaluator.java:872)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecision(PolicyEvaluator.java:819)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecisionIgnoreSubjects(PolicyEvaluator.java:2444)
        at com.sun.identity.policy.ProxyPolicyEvaluator.getPolicyDecisionIgnoreSubjects(ProxyPolicyEvaluator.java:257)
        at com.sun.identity.policy.util.PolicyDecisionUtils.getActionDecision(PolicyDecisionUtils.java:135)
        at com.sun.identity.policy.util.PolicyDecisionUtils.doResourceIPEnvAuth(PolicyDecisionUtils.java:122)
        at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:479)
        at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:419)
        at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:911)
        at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:862)
        at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)

Attachments

Issue Links

is related to

OPENAM-5451 Resource based authentication does not work as expected in 12 (with legacy UI)

Resolved

Activity

People

Assignee:

Sachiko Wallace

Reporter:

Sachiko Wallace

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

12/Feb/15 7:47 PM

Updated:

20/Nov/16 12:21 PM

Resolved:

12/Jun/15 2:36 AM