  1. OpenAM
  2. OPENAM-6589

Policy returns incorrect response attributes

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0
    • Fix Version/s: None
    • Component/s: policy
    • Labels: None

      Description

      Requesting a policy decision over REST returns response attributes for the user the policy evaluation was requested "as" and not the Subject. The iPlanetDirectoryPro header sets the SSO token for a user who has access to execute the policy eval request, whereas "subject" holds the user who the policy is evaluated against. I am expecting response attrs for "subject", but instead I get back response attrs for the amadmin user (iplanetdirpro).
      This is seen in OpenAM 13.0.0-SNAPSHOT Build 12387 (2015-February-07 02:50).

      curl -s -k --request POST --header "X-OpenAM-Username: amadmin" --header "X-OpenAM-Password: ***" --header "Content-Type: application/json" --data "{}" http://hostname/openam/json/authenticate

      {"tokenId":"AQIC5wM2LY4SfcxyqD2opl4f1FMxdDeMyU10zCMVhAogPvo.*AAJTSQACMDEAAlNLABQtODY1MDA2MDQ3MTE4MDY3MTk0Mg..*","successUrl":"/openam/console"}

      curl -s -k --request POST --header "X-OpenAM-Username: user.0" --header "X-OpenAM-Password: password" --header "Content-Type: application/json" --data "{}" http://hostname/openam/json/authenticate

      {"tokenId":"AQIC5wM2LY4Sfcz-f7GxhsMYJrHWVmBMS3hgM5Csb1rtB7k.*AAJTSQACMDEAAlNLABMzODExMjg0ODMyNDIxMDg5MzUw*","successUrl":"/openam/console"}

      curl -X POST -H "iPlanetDirectoryPro: AQIC5wM2LY4SfcxyqD2opl4f1FMxdDeMyU10zCMVhAogPvo.AAJTSQACMDEAAlNLABQtODY1MDA2MDQ3MTE4MDY3MTk0Mg.." -H "Content-Type: application/json" --data '{"resources": [ "http://openam.example.com:80/index.html"], "application": "test", "Subject": "AQIC5wM2LY4Sfcz-f7GxhsMYJrHWVmBMS3hgM5Csb1rtB7k.*AAJTSQACMDEAAlNLABMzODExMjg0ODMyNDIxMDg5MzUw*" }' "http://hostname/openam/json/policies/?_action=evaluate&_prettyPrint=true"

      [ {
        "advices" : { },
        "resource" : "http://openam.example.com:80/index.html",
        "actions" : { "POST" : true, "PATCH" : true, "GET" : true, "DELETE" : true, "OPTIONS" : true, "HEAD" : true, "PUT" : true },
        "attributes" : { "uid" : [ ], "sn" : [ "amAdmin" ], "cn" : [ "amAdmin" ], "userPassword" : [ ], "givenName" : [ "amAdmin" ], "dn" : [ "uid=amAdmin,ou=people,dc=openam,dc=forgerock,dc=org" ] }
      }

    People

    • Assignee: Unassigned
    • Reporter: Javed Shah (javed.shah)
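
A regression check for the behaviour reported above, as an added example that is not part of the original report or of OpenAM: it parses a policy evaluation response and reports whose identity the returned attributes describe. The function names, the use of the `uid` and `dn` attributes to identify the owner, and the sample body (the response from the report with a closing `]` added so it parses) are assumptions.

```python
import json

# Response from the report (closing "]" added so it parses as JSON).
REPORTED = """[ {
  "advices" : { },
  "resource" : "http://openam.example.com:80/index.html",
  "actions" : { "POST" : true, "PATCH" : true, "GET" : true, "DELETE" : true,
                "OPTIONS" : true, "HEAD" : true, "PUT" : true },
  "attributes" : { "uid" : [ ], "sn" : [ "amAdmin" ], "cn" : [ "amAdmin" ],
    "userPassword" : [ ], "givenName" : [ "amAdmin" ],
    "dn" : [ "uid=amAdmin,ou=people,dc=openam,dc=forgerock,dc=org" ] }
} ]"""


def dn_uid(dn):
    """Return the lower-cased value of a leading uid= RDN, or None.
    Assumes the uid value contains no escaped commas."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    value = value.strip().lower()
    return value if key.strip().lower() == "uid" and value else None


def attribute_owner(decision, subject_uid, caller_uid):
    """Classify whose identity a decision's response attributes describe."""
    attrs = decision.get("attributes", {})
    owners = {v.lower() for v in attrs.get("uid", [])}
    owners |= {u for u in map(dn_uid, attrs.get("dn", [])) if u}
    if not owners:
        return "unknown"   # nothing in the attributes identifies a user
    if owners == {subject_uid.lower()}:
        return "subject"   # expected: attributes of the evaluated user
    if caller_uid.lower() in owners:
        return "caller"    # reported behaviour: attributes of the requesting token
    return "other"


def check_response(body, subject_uid, caller_uid):
    """Return (resource, owner) for every decision in an evaluate response."""
    return [(d.get("resource"), attribute_owner(d, subject_uid, caller_uid))
            for d in json.loads(body)]


if __name__ == "__main__":
    for resource, owner in check_response(REPORTED, "user.0", "amAdmin"):
        print(f"{resource}: attributes describe {owner}")
```

Run against the reported response with subject `user.0` and caller `amAdmin`, the check classifies the attributes as belonging to the caller.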