  1. OpenAM
  2. OPENAM-6751

acr_values in AuthZ request is ignored if the user is already logged in

    Details

    • Sprint:
      Sprint 94 - Team Tesla

      Description

      The OpenAM OAuth2 authorize endpoint accepts the acr_values parameter; see: https://backstage.forgerock.com/#!/docs/openam/12.0.0/admin-guide/chap-openid-connect#mobile-connect-table-auth-request-params.
      If the user is already connected to OpenAM when accessing the authorize endpoint, OpenAM does not provide the requested authentication chain.

      Workaround: it is possible to force authentication using the parameter "prompt=login".

      Source code: http://sources.forgerock.org/browse/openam/tags/12.0.0-1/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/OpenAMResourceOwnerSessionValidator.java
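
A relying party can catch the behaviour described in this report by comparing the `acr` claim of the returned ID token with the values it requested, and fall back to the prompt=login workaround once before failing closed. This is an added example, not part of the original report or of the OpenAM code base. Assumptions: the endpoint URL, client settings, sample acr values and helper names are constructed, the ID token signature has already been verified, and the provider reports the achieved context in the `acr` claim defined by OpenID Connect Core.

```python
from urllib.parse import urlencode

# Hypothetical relying-party settings, constructed for this example.
AUTHORIZE = "https://openam.example.com/openam/oauth2/authorize"
CLIENT_ID = "example-rp"
REDIRECT_URI = "https://rp.example.com/callback"


def build_authz_url(acr_values, state, nonce, force_login=False):
    """Build the authorization request; acr_values is a list in preference order."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "acr_values": " ".join(acr_values),  # space-separated list
    }
    if force_login:
        params["prompt"] = "login"  # workaround named in the report
    return AUTHORIZE + "?" + urlencode(params)


def acr_satisfied(claims, requested):
    """True only if the ID token's acr claim is one of the requested values."""
    acr = claims.get("acr")
    return isinstance(acr, str) and acr in requested


def handle_callback(claims, requested, state, nonce, already_forced):
    """Decide what to do with a signature-verified ID token.

    state and nonce must be fresh values for the possible second request.
    Returns ("accept", None), ("reauth", url) or ("reject", None).
    """
    if acr_satisfied(claims, requested):
        return ("accept", None)
    if already_forced:
        # prompt=login was already sent once: fail closed instead of looping.
        return ("reject", None)
    return ("reauth", build_authz_url(requested, state, nonce, force_login=True))
```

The `already_forced` flag belongs in the relying party's own server-side session, tied to the `state` value, so a single retry cannot turn into a redirect loop.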

            People

            • Assignee:
              jamesphillpotts James Phillpotts
              Reporter:
              leonard.moustacchis Leonard Moustacchis