Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6615

12.0.1 Legacy Password reset options page does not display when clicking "Edit" on user profile page


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.1
    • Fix Version/s: 11.0.4, 12.0.3, 13.0.0
    • Component/s: console
    • Labels:
    • Environment:
      CentOS 6.6, Tomcat 7.035, Java 1.6.0_45-b06
    • Sprint:
      Sustaining Sprint 12


      Working on OpenAM 420 beta labs and ran into issue with security questions while using Legacy UI in 12.0.1 not reproducible in 12.0.0.
      The main problem is that I do not see any security questions for Password Reset Options on the users profile page.
      Same config as 12.0.0 Disable XUI to use (legacy) Password Reset features
      Navigate to end user profile page > click on Edit link for Password Reset Options > No options displayed.

      The error in CoreSystem looks like UMUserPasswordResetOptionsViewBean is being protected.
      "WhitelistObjectInputStream.resolveClass:com.sun.identity.console.user.model.UMUserPasswordResetOptionsData was not i n the whitelist of allowed classes"

      Security settings have a whitelist that is pre-populated with allowed classes and this is not one of them.
      Looks like a new bug on the back of the JATO security fix.
      Adding com.sun.identity.console.user.model.UMUserPasswordResetOptionsData to the existing whitelist, resolves the problem.
      I can now see and edit the legacy PW Reset options.

      See OPENAM-6468 for the workaround.
      OPENAM-6468 : InvalidClassException with certauth after #201505-01




            • Assignee:
              markdr Mark de Reeper
              salbertelli01 sheila albertelli
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created: