Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6819

User Self Service does not work in AM 12.0.x because of invalid realm

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 12.0.1, 12.0.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
      OpenAM 12.0.2-SNAPSHOT Build 15634 (2015-September-10 04:44)
    • Sprint:
      Sustaining Sprint 12

      Description

      User Self Service(registration, Forgot Password) does not work in AM 12.0.x because of invalid realm.

      STEPS TO REPRODUCE
      1.) Default configuration of OpenAM 12.0.x
      2.) Configure Email Service
      3.) Configure User Self Service (Self-Registration for Users / Forgot Password for Users = true)
      After save configuration I observed following exception in the CoreSystem log:

      frRest:09/11/2015 03:59:24:558 PM BST: Thread[smIdmThreadPool,5,main]
      ERROR: Not able to initialize Rest Security service settings for realm  Exception: java.lang.NullPointerException
      java.lang.NullPointerException
      	at org.forgerock.openam.services.RestSecurity.initializeSettings(RestSecurity.java:135)
      	at org.forgerock.openam.services.RestSecurity.access$300(RestSecurity.java:39)
      	at org.forgerock.openam.services.RestSecurity$RestSecurityChangeListener.organizationConfigChanged(RestSecurity.java:81)
      	at com.sun.identity.sm.ServiceConfigManagerImpl.notifyOrgConfigChange(ServiceConfigManagerImpl.java:499)
      	at com.sun.identity.sm.ServiceConfigManagerImpl.objectChanged(ServiceConfigManagerImpl.java:459)
      	at com.sun.identity.sm.SMSNotificationManager.sendNotifications(SMSNotificationManager.java:294)
      	at com.sun.identity.sm.SMSNotificationManager$LocalChangeNotifcationTask.run(SMSNotificationManager.java:370)
      	at com.iplanet.am.util.ThreadPool$WorkerThread.run(ThreadPool.java:306)
      

      4.) Hit the AM page
      5.) Click on "Register" (the same issue for Forgot password) and provide valid email address
      6.) I received email with following link:

      http://perf-openam2.internal.forgerock.com:8080/openam/XUI/confirm.html?confirmationId=ICtCKKjamryi2hzFqEgbJMihfpk%3D&email=richard.hruza%40profiq.com&tokenId=xRP6u74HbYqeClHI%2F9%2Ff36K1H4E%3D&realm=/
      

      7.) Provide User Name, Last Name and Password and Submit the request
      Expected result: User is created and it is possible to login with him
      Observed result:
      400 Bad Request (http://perf-openam2.internal.forgerock.com:8080/openam/json/users?_action=confirm&realm=/)
      CoreSystem debug log:

      frRest:09/11/2015 04:13:14:972 PM BST: Thread[http-bio-8080-exec-12,5,main]
      ERROR: IdentityResource.validateToken: Invalid realm : 
      frRest:09/11/2015 04:13:14:972 PM BST: Thread[http-bio-8080-exec-12,5,main]
      ERROR: IdentityResource.confirmationIdCheck: Cannot confirm registration/forgotPassword for : richard.hruza@profiq.com
      org.forgerock.json.resource.BadRequestException: Invalid realm
      	at org.forgerock.openam.forgerockrest.IdentityResourceV2.validateToken(IdentityResourceV2.java:625)
      	at org.forgerock.openam.forgerockrest.IdentityResourceV2.confirmationIdCheck(IdentityResourceV2.java:566)
      	at org.forgerock.openam.forgerockrest.IdentityResourceV2.actionCollection(IdentityResourceV2.java:652)
      	at org.forgerock.json.resource.Resources$CollectionHandler.handleAction(Resources.java:226)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:208)
      	at org.forgerock.json.resource.VersionRouter$VersionRouterImpl.handleAction(VersionRouter.java:463)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:208)
      	at org.forgerock.json.resource.VersionRouter.handleAction(VersionRouter.java:300)
      	at org.forgerock.openam.rest.resource.CrestRouter.handleAction(CrestRouter.java:76)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:208)
      	at org.forgerock.json.resource.VersionRouter.handleAction(VersionRouter.java:300)
      	at org.forgerock.openam.rest.resource.CrestRouter.handleAction(CrestRouter.java:76)
      	at org.forgerock.openam.rest.fluent.LoggingFluentRouter.handleAction(LoggingFluentRouter.java:67)
      	at org.forgerock.json.resource.Resources$InternalConnection.actionAsync(Resources.java:394)
      	at org.forgerock.json.resource.servlet.RequestRunner.visitActionRequest(RequestRunner.java:100)
      	at org.forgerock.json.resource.servlet.RequestRunner.visitActionRequest(RequestRunner.java:54)
      	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:155)
      	at org.forgerock.json.resource.servlet.RequestRunner.handleResult(RequestRunner.java:92)
      	at org.forgerock.json.resource.servlet.RequestRunner.handleResult(RequestRunner.java:54)
      	at org.forgerock.json.resource.Resources$InternalConnectionFactory.getConnectionAsync(Resources.java:497)
      	at org.forgerock.json.resource.servlet.HttpServletAdapter.doRequest(HttpServletAdapter.java:558)
      	at org.forgerock.json.resource.servlet.HttpServletAdapter.doPost(HttpServletAdapter.java:476)
      	at org.forgerock.json.resource.servlet.HttpServlet.doPost(HttpServlet.java:204)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
      	at org.forgerock.json.resource.servlet.HttpServlet.service(HttpServlet.java:339)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.forgerock.openam.rest.RestEndpointServlet.service(RestEndpointServlet.java:125)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.forgerock.jaspi.runtime.JaspiRuntime.processMessage(JaspiRuntime.java:173)
      	at org.forgerock.jaspi.JaspiRuntimeFilter.doFilter(JaspiRuntimeFilter.java:131)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
      	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
      	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:724)
      

      If I changed the link which I received in mail and delete the "&realm=/" at the end of link, I am able to create user(the same for forgot password). Link looks like this:

      http://perf-openam2.internal.forgerock.com:8080/openam/XUI/confirm.html?confirmationId=ICtCKKjamryi2hzFqEgbJMihfpk%3D&email=richard.hruza%40profiq.com&tokenId=xRP6u74HbYqeClHI%2F9%2Ff36K1H4E%3D
      

      I am not able to reproduce this case with AM13(tested with OpenAM 13.0.0-SNAPSHOT Build 15534 (2015-September-05 02:50))

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                richard.hruza Richard Hruza
                QA Assignee:
                Richard Hruza
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: